oss-sec mailing list archives
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet
From: Ian Campbell <Ian.Campbell () citrix com>
Date: Tue, 25 Mar 2014 10:35:44 +0000
On Mon, 2014-03-24 at 15:47 -0400, cve-assign () mitre org wrote:
XSA-90it tries to disable the interface ... This involves taking a mutex ... sleeping is not allowed ... The end result is that the backend domain (often, Dom0) crashes with "scheduling while atomic". Malicious guest administrators can cause denial of service.Use CVE-2014-2580.
Thanks.
This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. The public mailing list thread nevertheless contains information strongly suggestive of a security bug, and a different security bug (with CVE) is suggested as seeming "similar".We didn't happen to notice a CVE ID of a similar bug within xen-devel.
The first mail in the thread (<5324B182.70905 () etorok net>) had a link to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744#88 which was a bug relating to CVE-2013-0216.
In some cases, we would use that bug's CVE ID (if available) within a "NOTE:" sentence at the end of a new vulnerability's CVE description. http://lists.xen.org/archives/html/xen-devel/2014-03/msg02707.html says "by removing these checks we are introducing a way for a malicious or buggy guest to trigger misbehaviour in the backend, leading to e.g. a DoS" but we haven't tried to track down whether that is directly applicable.
This was review of a separate patch unrelated to the bug in question. HTH, Ian.
Current thread:
- Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Xen . org security team (Mar 24)
- Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet cve-assign (Mar 24)
- Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Ian Campbell (Mar 25)
- Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet cve-assign (Mar 24)