WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] insufficiencies in pv kernel image validation

from [MaoXiaoyun] [Permanent Link][Original]
To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] insufficiencies in pv kernel image validation
From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
Date: Tue, 17 May 2011 00:38:31 +0800
Delivery-date: Mon, 16 May 2011 09:39:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Normal
In-reply-to: <BAY0-MC2-F46jsbFMAv00186193@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <BAY0-MC2-F46jsbFMAv00186193@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi:
 
   Documented in  https://bugzilla.redhat.com/show_bug.cgi?id=696927.
 
[[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not properly check for possible buffer size overflow in the
decoding loop. Specially crafted kernel image file could be created that would
trigger allocation of a small buffer resulting in buffer overflow with user
supplied data.

Additionally, several integer overflows and lack of error/range checking that
could result in the loader reading its own address space or could lead to an
infinite loop have been found.

A privileged DomU user could use these flaws to cause denial of service or,
possibly, execute arbitrary code in Dom0.

Only management domains with 32-bit userland are vulnerable.
]]]
 
 The last line of above,  what is "management domains"?
 Does Xen 4.0/4.1 suffer this bug?
 And any patches available?
 
 Thanks.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Re: [Xen-devel] Linux 2.6.39 - what Xen components went in., Jeremy Fitzhardinge
Next by Date:  Re: [Xen-users] Re: [Xen-devel] Linux 2.6.39 - what Xen components went in., Konrad Rzeszutek Wilk
Previous by Thread:  [Xen-devel] Using kdb debugger on Xen-4.1, Sergey Tovpeko
Next by Thread:  Re: [Xen-devel] insufficiencies in pv kernel image validation, Keith Coleman
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy