Bug 220973 (CVE-2007-5498)

Summary:

sys-kernel/xen-sources-2.6.18 block backend dom0 crash (CVE-2007-5498)

Product:

Gentoo Security

Reporter:

Robert Buchholz (RETIRED) <rbu>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

dhp_gentoo, xen

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

Whiteboard:

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
linux-2.6-xen-check-num-of-segments-in-block-backend-driver.patch	none

Description Robert Buchholz (RETIRED) gentoo-dev

2008-05-08 18:13:55 UTC

CVE-2007-5498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5498):
  The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running
  on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged
  users in the guest OS to cause a denial of service (host OS crash) via a
  request that specifies a large number of blocks.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-05-08 19:34:01 UTC

Created attachment 152507 [details, diff]
linux-2.6-xen-check-num-of-segments-in-block-backend-driver.patch

Extracted from kernel-2.6.18-53.1.19.el5.src.rpm

Comment 2 Micheal Marineau (RETIRED) gentoo-dev

2008-05-08 19:40:20 UTC

(In reply to comment #1)
> Created an attachment (id=152507) [edit]
> linux-2.6-xen-check-num-of-segments-in-block-backend-driver.patch
> 
> Extracted from kernel-2.6.18-53.1.19.el5.src.rpm
> 

Our 2.6.18 kernel is currently based on the upstream kernel for Xen 3.2.0 which should already have the above patch. It looks like our 2.6.20 and 2.6.21 kernels need the fix though.

Comment 3 DEMAINE Benoît-Pierre, aka DoubleHP 2010-02-27 23:46:11 UTC

Please update to recent kernel and check if bug still hapens. Latest stable is 2.6.31. Otherwise, please close.