CVE-2007-5498 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5498): The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
Created attachment 152507 [details, diff] linux-2.6-xen-check-num-of-segments-in-block-backend-driver.patch Extracted from kernel-2.6.18-53.1.19.el5.src.rpm
(In reply to comment #1) > Created an attachment (id=152507) [edit] > linux-2.6-xen-check-num-of-segments-in-block-backend-driver.patch > > Extracted from kernel-2.6.18-53.1.19.el5.src.rpm > Our 2.6.18 kernel is currently based on the upstream kernel for Xen 3.2.0 which should already have the above patch. It looks like our 2.6.20 and 2.6.21 kernels need the fix though.
Please update to recent kernel and check if bug still hapens. Latest stable is 2.6.31. Otherwise, please close.
