Bug 212429 (CVE-2008-0928) - app-emulation/xen Qemu: insufficient block device address range checking (CVE-2008-0928)
Status: RESOLVED OBSOLETE
Alias: CVE-2008-0928
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://marc.info/?l=debian-security&m...
Whiteboard: ~2 [ebuild]
Reported: 2008-03-05 20:51 UTC by Robert Buchholz (RETIRED)
Modified: 2013-08-28 01:51 UTC

Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 20:51:13 UTC
+++ This bug was initially created as a clone of Bug #212351 +++

Ian Jackson discovered that accesses beyond the end of qemu emulated disk
devices can result in accesses to the emulator's virtual memory space, and thus
can allow a user with sufficient privilege in the guest (root, as this would
need modification to the kernel's driver) to break out of the VM.

Solution:
apply Patch: https://bugzilla.redhat.com/attachment.cgi?id=296005
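
An added illustration of the bug class described above (not the Red Hat patch, QEMU or Xen code, or anything from this report): an overflow-safe range check applied before a guest-supplied sector and count are used to index the emulator's backing buffer. The names `struct disk`, `request_in_range` and `disk_read`, and the 512-byte sector size, are assumptions made for the sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512 /* assumed sector size for this sketch */

/* Hypothetical emulated disk; not a QEMU or Xen structure. */
struct disk {
    uint8_t *data;         /* backing buffer in emulator memory */
    int64_t total_sectors; /* device size in sectors */
};

/* True only if [sector, sector + count) lies wholly inside the device.
 * Uses subtraction so a guest-chosen sector + count cannot overflow. */
static bool request_in_range(const struct disk *d, int64_t sector, int64_t count)
{
    if (d->total_sectors < 0 || sector < 0 || count < 0)
        return false;
    if (sector > d->total_sectors)
        return false;
    return count <= d->total_sectors - sector;
}

/* Guest-triggered read: reject out-of-range requests before touching
 * emulator memory. Returns 0 on success, -1 on rejection. */
static int disk_read(const struct disk *d, int64_t sector, int64_t count,
                     uint8_t *out)
{
    if (!request_in_range(d, sector, count))
        return -1;
    memcpy(out, d->data + sector * SECTOR_SIZE, (size_t)count * SECTOR_SIZE);
    return 0;
}

int main(void)
{
    static uint8_t backing[4 * SECTOR_SIZE]; /* constructed 4-sector disk */
    static uint8_t out[4 * SECTOR_SIZE];
    struct disk d = { backing, 4 };

    printf("in range  (3,1): %d\n", disk_read(&d, 3, 1, out));
    printf("past end  (3,2): %d\n", disk_read(&d, 3, 2, out));
    printf("overflow  (1,INT64_MAX): %d\n", disk_read(&d, 1, INT64_MAX, out));
    return 0;
}
```
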
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 20:51:48 UTC
This is for tracking the Qemu bug in Xen.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 18:05:53 UTC
any news here?
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-19 21:37:57 UTC
(In reply to comment #2)
> any news here?
> 

*ping*
Comment 4 Doug Goldstein gentoo-dev 2013-08-28 01:20:48 UTC
@security: ~5 year ping. Most likely this was Xen 3.0.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-28 01:51:04 UTC
5 year old, package long gone -> RESO OBSOLETE