| Summary: | app-emulation/xen, app-emulation/xen-tools: hugetlbfs use may crash PV Linux guests - XSA-174 (CVE-2016-3961) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
| Component: | Vulnerabilities | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | hydrapolic, idella4, kernel |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | C3 [cve upstream] | | |
| Package list: | | Runtime testing required: | --- |

Description
Yury German
2016-04-05 05:06:32 UTC
CVE-2016-3961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3961): Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

This patch is not for app-emulation/xen. The patch is a kernel patch. Re-assigning to kernel team.

The patch is already present in
>=linux-3.2.81
>=linux-3.16.36
>=linux-3.18.33
>=linux-4.1.24
>=linux-4.4.9
however it is missing from LTS kernels
- linux-3.4
- linux-3.10
- linux-3.12
I contacted the linux stable mailing list. The patch is already queued for the next linux-3.10 kernel. So we should make progress when the next LTS kernels are out.

Security, can you please close this obsolete one? Thanks