Gentoo's Bugzilla – Attachment 289309 Details for Bug 385319: <app-emulation/xen-3.4.2-r4: Host Crash Denial of Service Vulnerability (CVE-2011-2901)
[patch] the security patch in xen-3.4.2-fix-__addr_ok-limit.patch
xen-3.4.2-fix-__addr_ok-limit.patch (text/plain), 1.80 KB, created by Ian Delaney (RETIRED) on 2011-10-09 08:59:36 UTC
>VERSION HISTORY >=============== > >Analysis following version 1 of this advisory (sent out to the >predisclosure list during the embargo period) indicates that the >actual DoS vulnerability only exists in very old hypervisors, Xen 3.3 >and earlier, contrary to previous reports. > >This advisory is no longer embargoed. >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.9 (GNU/Linux) > >iQEcBAEBAgAGBQJOYLq2AAoJEIP+FMlX6CvZLegH/26/oJBkd/WM/yYhXkzlbnIP >MxF6Fgy96Omu8poQTanD7g1vEcM0TOLY+Kk3GGsfj4aDdEJ5Nq4ZOW8ooI0VnVcD >7VXQqFsXPxre+eZ6g+G0AsmzdsG45C3qujUTRfGKqzYwXqjWjt9nNsdIy1Mrz8/4 >zG1uLDkN0LXnBG2Te4q8ZckYwMq8gFXHHnH35RfQ5Besu6pvJmtK3rFXETdlP12A >JjBh7t5jsCfzvYWFQehVp8mJupuftiOBPClmVh4vrvN9gYd5rzEgB4Q9Ioiqz2qT >2bE1zegR8NeOKBOi9xriTU8F530OdFzeWAbo7D5gyEbYdc60eNwbadcgNGLbzMg= >=09T8 >-----END PGP SIGNATURE----- > >Subject: XSA-4: xen: correct limit checking in x86_64 version of __addr_ok > >The x86_64 __addr_ok() macro intends to ensure that the checked >address is either in the positive half of the 48-bit virtual address >space, or above the Xen-reserved area. However, the current shift >count is off-by-one, allowing full access to the "negative half" >too. Guests may exploit this to gain access to off-limits ranges. > >This issue has been assigned CVE-2011-2901. > >Signed-off-by: Laszlo Ersek <lersek@...hat.com> >Signed-off-by: Ian Campbell <ian.campbell@...rix.com> > >diff --git a/xen/include/asm-x86/x86_64/uaccess.h >b/xen/include/asm-x86/x86_64/uaccess.h >--- a/xen/include/asm-x86/x86_64/uaccess.h >+++ b/xen/include/asm-x86/x86_64/uaccess.h >@@ -34,7 +34,7 @@ > * non-canonical address (and thus fault) before ever reaching VIRT_START. > */ > #define __addr_ok(addr) \ >- (((unsigned long)(addr) < (1UL<<48)) || \ >+ (((unsigned long)(addr) < (1UL<<47)) || \ > ((unsigned long)(addr) >= HYPERVISOR_VIRT_END)) > > #define access_ok(addr, size) \
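Review bot: In the changed first comparison of __addr_ok, the bound is still a bare shift count, (1UL<<47), whose relation to the 48-bit virtual address space named in the commit message stays implicit, and that implicit relation is where the off-by-one came from. Consider writing it as (1UL << (48 - 1)) or as a named constant, and extending the comment above the macro to say that only the positive half of the address space passes this first test. Separately, the macro expands (addr) in both comparisons, so an argument with side effects would be evaluated twice; a line in the comment saying callers must pass a side-effect-free expression would cover that.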