oss-sec mailing list archives
kernel: xen: CVE-2011-2901
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 30 Aug 2011 17:59:18 +0200
CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

The x86_64 __addr_ok() macro intends to ensure that the checked address
is either in the positive half of the 48-bit virtual address space, or
above the Xen-reserved area. However, the current shift count is
off-by-one, allowing full access to the "negative half" too, via certain
hypercalls which ignore virtual-address bits [63:48].

As a result, a malicious guest administrator on a vulnerable system is
able to crash the host.

Upstream status:
This issue only affects very old hypervisors, Xen 3.3 and earlier.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=728042

Thanks,
--
Petr Matousek / Red Hat Security Response Team
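
The check described in the advisory, modelled in C as an added example (this is not Xen's source and not part of the original message). The function names, the RESERVED_END value and the sample addresses are assumptions chosen for illustration; the model shows why a bound of 2^48 instead of 2^47 lets an address through that lands in the reserved range once bits [63:48] are ignored.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: the reserved area starts at the bottom of the
 * negative half and ends at RESERVED_END. */
#define NEG_HALF_START 0xFFFF800000000000ULL
#define RESERVED_END   0xFFFF880000000000ULL

/* Off-by-one shift: everything below 2^48 is accepted. */
static int addr_ok_off_by_one(uint64_t a)
{
    return a < (1ULL << 48) || a >= RESERVED_END;
}

/* Intended bound: the positive half of a 48-bit space ends at 2^47. */
static int addr_ok_intended(uint64_t a)
{
    return a < (1ULL << 47) || a >= RESERVED_END;
}

/* Address as seen by a consumer that ignores bits [63:48]:
 * the low 48 bits, sign-extended from bit 47. */
static uint64_t effective_va(uint64_t a)
{
    uint64_t low = a & ((1ULL << 48) - 1);
    return (low & (1ULL << 47)) ? (low | 0xFFFF000000000000ULL) : low;
}

/* True when the check passes but the effective address is in the reserved area. */
static int reaches_reserved(int (*check)(uint64_t), uint64_t a)
{
    uint64_t va = effective_va(a);
    return check(a) && va >= NEG_HALF_START && va < RESERVED_END;
}

int main(void)
{
    /* Constructed sample addresses, one per region of interest. */
    uint64_t s[] = { 0x00007FFFFFFFF000ULL, 0x0000800000001000ULL,
                     0xFFFF800000001000ULL, 0xFFFF880000001000ULL };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%016" PRIx64 " off-by-one=%d intended=%d effective=%016" PRIx64
               " reserved-reachable=%d\n", s[i], addr_ok_off_by_one(s[i]),
               addr_ok_intended(s[i]), effective_va(s[i]),
               reaches_reserved(addr_ok_off_by_one, s[i]));
    return 0;
}
```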