oss-sec mailing list archives

Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access

From: Josh Bressers <bressers () redhat com>
Date: Tue, 30 Nov 2010 10:42:37 -0500 (EST)

Please use CVE-2010-4255 for this.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugene () redhat com> wrote:

handle_gdt_ldt_mapping_fault() is intended to deal with indirect 
accesses (i.e. those caused by descriptor loads) to the GDT/LDT
mapping 
area only. While for 32-bit segment limits indeed prevent the function

being entered for direct accesses (i.e. a #GP fault will be raised
even 
before the address translation gets done, on 64-bit even user mode 
accesses would lead to control reaching the BUG_ON() at the beginning
of 
that function.

http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html
https://bugzilla.redhat.com/show_bug.cgi?id=658155

Thanks, Eugene

Current thread:

CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Eugene Teo (Nov 29)
- Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Josh Bressers (Nov 30)