
Bug 212429 (CVE-2008-0928)

Summary: app-emulation/xen Qemu: insufficient block device address range checking (CVE-2008-0928)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE
Severity: trivial
CC: xen
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://marc.info/?l=debian-security&m=120343592917055&w=2
Whiteboard: ~2 [ebuild]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 20:51:13 UTC
+++ This bug was initially created as a clone of Bug #212351 +++

Ian Jackson discovered that accesses beyond the end of qemu emulated disk devices
can result in accesses to the emulator's virtual memory space and thus can
allow a user with sufficient privilege in the guest (root, as this would need
modification to the kernel's driver) to break out of the VM.

Solution:
apply Patch: https://bugzilla.redhat.com/attachment.cgi?id=296005
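
An overflow-safe form of the kind of range check the description refers to, as an added example that is not taken from the referenced patch or from Qemu or Xen. The `disk` struct and all function names are hypothetical, and the disk image is constructed.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512u

/* Hypothetical in-memory image standing in for an emulated disk. */
struct disk { uint8_t *data; uint64_t total_sectors; };

/* 1 if [sector, sector + count) lies inside the device. Uses subtraction,
 * so a huge guest-supplied sector number cannot wrap the sum. */
static int range_ok(const struct disk *d, uint64_t sector, uint32_t count)
{
    if (count == 0 || sector >= d->total_sectors)
        return 0;
    return count <= d->total_sectors - sector;
}

/* Naive form for contrast: sector + count can wrap around 2^64. */
static int range_ok_naive(const struct disk *d, uint64_t sector, uint32_t count)
{
    return sector + count <= d->total_sectors;
}

/* Read path: 0 on success, -1 when the request is rejected. */
static int disk_read(const struct disk *d, uint64_t sector, uint32_t count,
                     uint8_t *out, size_t out_len)
{
    if (!range_ok(d, sector, count))
        return -1;
    if ((uint64_t)count * SECTOR_SIZE > out_len)
        return -1;
    memcpy(out, d->data + sector * SECTOR_SIZE, (size_t)count * SECTOR_SIZE);
    return 0;
}

int main(void)
{
    static uint8_t img[4 * SECTOR_SIZE];  /* constructed 4-sector image */
    struct disk d = { img, 4 };
    uint8_t buf[2 * SECTOR_SIZE];
    /* In-range read succeeds; the wrapped request passes only the naive check. */
    return !(disk_read(&d, 2, 2, buf, sizeof buf) == 0 &&
             disk_read(&d, UINT64_MAX, 2, buf, sizeof buf) == -1 &&
             range_ok_naive(&d, UINT64_MAX, 2) == 1);
}
```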
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 20:51:48 UTC
This is for tracking the Qemu bug in Xen.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 18:05:53 UTC
any news here?
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-19 21:37:57 UTC
(In reply to comment #2)
> any news here?
> 

*ping*
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2013-08-28 01:20:48 UTC
@security: ~5 year ping. Most likely this was Xen 3.0.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-28 01:51:04 UTC
5 year old, package long gone -> RESO OBSOLETE