oss-sec mailing list archives
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls
From: cve-assign () mitre org
Date: Thu, 6 Feb 2014 12:23:40 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We can provide the three CVE assignments for XSA-84 (as well as the one CVE assignment for XSA-85 and the one CVE assignment for XSA-86). However, could you please clarify:
http://xenbits.xen.org/xsa/advisory-84.html
UPDATES IN VERSION 2 ==================== Public release. The patch for 4.1 was extended to cover a few further similar issues.
Here, was the original scope of "The patch for 4.1" (before it was
extended) exclusively:
"a different overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests"
? Or do you mean that, originally, the "patch for 4.1" addressed
another vulnerability, and this "different overflow issue" was one of
the version-2 extensions to the scope of XSA-84?
Incidentally, we believe we need three CVE IDs for the current XSA-84
content because of:
The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID
suboperations of the flask hypercall are vulnerable to an integer
overflow on the input size. The hypercalls attempt to allocate a
buffer which is 1 larger than this size and is therefore vulnerable to
integer overflow and an attempt to allocate then access a zero byte
buffer.
the first CVE assignment will cover this
Xen 3.3 through 4.1, while not affected by the above overflow, have a
different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably
large memory allocation to arbitrary guests.
a second CVE assignment will cover this second integer overflow (with different affected versions than the first)
Xen 3.2 (and presumably earlier) exhibit both problems, with the overflow issue being present for more than just the suboperations listed above.
the part of the 3.2 vulnerability associated with the first overflow,
for FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID, is
within the scope of the first CVE
the part of the 3.2 vulnerability associated with the second overflow,
for FLASK_{GET,SET}BOOL, is within the scope of the second CVE
all other vectors (e.g., other suboperations) that are applicable in
3.2, even if they are related to the first overflow or related to the
second overflow, will be covered by a third CVE
- --
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
iQEcBAEBAgAGBQJS88RMAAoJEKllVAevmvmsHswIAMj0ZV70iAQsQPFw88gK8CfH
1l6e9PovP48waIROyLbsrJhlSe4ql5IWzMRVNosMrq/WStcF/bGXIKISV/VV5oEg
50AxrOI0U+aFNhIlkuOSfC+yuvMzwydPUPNCNZg/Oqxj0C9fzLkkWVlzvosqbwGm
24KuCbgKQKvFWHtadpLTSW3DNjfTS+YAol5PM1W4fJD2rLgYVyaOy/sh1JI2kdKy
RpsHH0uEmdf/8YdimJ4beFoxIzJVdnRbqsNIbJVudb9C4GpOK5NLdC+DNrUSIncP
hE2US1pv5W/VbAbUuy3kvEDe9HWW70yVkyXrWB9vDWhUDsLjiTgGN3doMtI1vds=
=xd2a
-----END PGP SIGNATURE-----
Current thread:
- Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Xen . org security team (Feb 06)
- Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign (Feb 06)
- Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Jan Beulich (Feb 07)
- Re: Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Źmicier Januszkiewicz (Feb 07)
- Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Jan Beulich (Feb 07)
- Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign (Feb 07)
- Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign (Feb 06)