Summary: | app-emulation/xen <=3.1.2(ia64) vulnerability of copy_to_user in PAL emulation (CVE-2007-6416) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | xen |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6416 | ||
Whiteboard: | ~2 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Lars Hartmann
2007-12-18 07:42:05 UTC
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. Solution: Apply Patch: http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7 Maintainers - please advice The Xen ebuilds do not currently support ia64, only x86 and amd64. So this is a non-issue for Gentoo. (In reply to comment #3) > The Xen ebuilds do not currently support ia64, only x86 and amd64. So this is a > non-issue for Gentoo. > Thanks for the info, closing as INVALID. |