
List:       oss-security
Subject:    [oss-security] [vendor-sec] [oss-security] New Xen ioemu: PVFB backend issue
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2008-05-21 17:15:00
Message-ID: 1211390100.7929.6.camel () dhcp-lab-164 ! englab ! brq ! redhat ! com

Hello guys,

  on May the 15th, the following report was posted to the
xen-unstable list:


Problem description:
====================

ioemu: Fix PVFB backend to limit frame buffer size

The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
against dom0.

Proposed fix:
============

http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721


As this vulnerability has security implications, we have assigned
CVE-2008-1952 to it. Please use it when referring to this issue.


Kind regards
Jan iankko Lieskovsky
RH kernel Security Response Team
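
Added example, not part of the original message and not the Xen patch itself: a C sketch of the kind of check the report describes, in which a backend validates a frontend-supplied frame buffer description and also enforces its own size cap before mapping guest pages. The struct layout, function name, status codes and the 16 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define FB_PAGE_SIZE 4096u
#define FB_LEN_LIMIT (16ull << 20)   /* assumed backend cap: 16 MiB */

/* Frame buffer description sent by the untrusted frontend (hypothetical layout). */
struct fb_desc {
    uint32_t width, height;  /* pixels */
    uint32_t depth;          /* bits per pixel */
    uint32_t row_stride;     /* bytes per row */
    uint32_t offset;         /* byte offset of the first pixel */
    uint64_t fb_len;         /* bytes the frontend asks the backend to map */
};

enum fb_status { FB_OK, FB_BAD_GEOMETRY, FB_TOO_SMALL, FB_OVER_LIMIT };

/* Constructed samples: a normal 800x600x32 guest and one claiming 1 TiB. */
const struct fb_desc sample_ok      = { 800, 600, 32, 3200, 0, 1920000 };
const struct fb_desc sample_hostile = { 800, 600, 32, 3200, 0, 1ull << 40 };

/* Check desc against a backend-chosen limit; on success, *npages is the
 * number of guest pages the backend would map. */
enum fb_status fb_validate(const struct fb_desc *d, uint64_t limit, size_t *npages)
{
    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return FB_BAD_GEOMETRY;
    if (d->width == 0 || d->height == 0 ||
        d->row_stride < (uint64_t)d->width * (d->depth / 8))
        return FB_BAD_GEOMETRY;
    /* The cap is independent of what the frontend claims to need. */
    if (d->fb_len > limit)
        return FB_OVER_LIMIT;
    /* 64-bit math: offset + stride * height cannot wrap for 32-bit inputs. */
    uint64_t visible = (uint64_t)d->offset + (uint64_t)d->row_stride * d->height;
    if (visible > d->fb_len)
        return FB_TOO_SMALL;
    *npages = (size_t)(d->fb_len / FB_PAGE_SIZE + (d->fb_len % FB_PAGE_SIZE != 0));
    return FB_OK;
}

int main(void)
{
    size_t n = 0;
    /* Consistency checks alone (no effective limit) accept the hostile size. */
    printf("no cap: status=%d\n", fb_validate(&sample_hostile, UINT64_MAX, &n));
    printf("pages=%zu\n", n);
    printf("capped: status=%d\n", fb_validate(&sample_hostile, FB_LEN_LIMIT, &n));
    return 0;
}
```

Passing UINT64_MAX as the limit models a validator that checks only internal consistency: the geometry fits inside the claimed length, so the oversized request is accepted.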
