oss-sec mailing list archives
[vendor-sec] [oss-security] New Xen ioemu: PVFB backend issue
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 21 May 2008 19:15:00 +0200
Hello guys,

on May the 15th, the following report has been posted to the xen-unstable list:

Problem description:
====================

ioemu: Fix PVFB backend to limit frame buffer size

The recent fix to validate the frontend's frame buffer description neglected to limit the frame buffer size correctly. This lets a malicious frontend make the backend attempt to map an arbitrary amount of guest memory, which could be useful for a denial of service attack against dom0.

Proposed fix:
============

http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721

As this vulnerability has security implications, we have assigned CVE-2008-1952 to it. Please use it when referring to this issue.

Kind regards
Jan iankko Lieskovsky
RH kernel Security Response Team
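
The class of check the report describes, as an added example that is not part of the original post and not taken from the Xen source: a backend validates a frontend-supplied frame buffer description against a configured size limit before deciding how many guest pages to map. All names (fb_desc, fb_validate, FB_PAGE_SIZE) and the choice to reject rather than truncate an oversized request are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not the Xen ioemu source. */
#define FB_PAGE_SIZE 4096u

struct fb_desc {                 /* every field is set by the untrusted frontend */
    uint32_t width, height;      /* pixels */
    uint32_t depth;              /* bits per pixel */
    uint32_t row_stride;         /* bytes per row */
    uint32_t offset;             /* byte offset of the first pixel */
    uint64_t fb_len;             /* claimed frame buffer length in bytes */
};

enum fb_check { FB_OK = 0, FB_BAD_GEOMETRY, FB_TOO_LARGE };

/* Validate a frontend description against a backend-configured byte limit.
 * On FB_OK, *pages is the number of guest pages the backend would map. */
enum fb_check fb_validate(const struct fb_desc *d, uint64_t limit, uint64_t *pages)
{
    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return FB_BAD_GEOMETRY;
    if (d->width == 0 || d->height == 0)
        return FB_BAD_GEOMETRY;
    /* The size cap: without it the mapping size is whatever the guest claims. */
    if (d->fb_len == 0 || d->fb_len > limit)
        return FB_TOO_LARGE;
    /* 32-bit inputs widened to 64 bits, so none of these products can wrap. */
    uint64_t row_bytes = (uint64_t)d->width * (d->depth / 8);
    if (d->row_stride < row_bytes)
        return FB_BAD_GEOMETRY;
    uint64_t needed = (uint64_t)d->row_stride * d->height + d->offset;
    if (needed > d->fb_len)
        return FB_BAD_GEOMETRY;
    /* Round up without adding to fb_len, which could overflow for a huge limit. */
    *pages = d->fb_len / FB_PAGE_SIZE + (d->fb_len % FB_PAGE_SIZE != 0);
    return FB_OK;
}

int main(void)
{
    /* Constructed sample input: an 800x600x32 display and an oversized claim. */
    struct fb_desc ok  = { 800, 600, 32, 3200, 0, 1920000 };
    struct fb_desc big = { 800, 600, 32, 3200, 0, (uint64_t)1 << 40 };
    uint64_t pages = 0, limit = 4u * 1024 * 1024;
    printf("ok:  %d\n", fb_validate(&ok, limit, &pages));
    printf("pages: %llu\n", (unsigned long long)pages);
    printf("big: %d\n", fb_validate(&big, limit, &pages));
    return 0;
}
```
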