List: oss-security
Subject: [oss-security] kernel: xen: CVE-2011-2901
From: Petr Matousek <pmatouse () redhat ! com>
Date: 2011-08-30 15:59:18
Message-ID: 20110830155918.GH9091 () dhcp-25-225 ! brq ! redhat ! com
CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

The x86_64 __addr_ok() macro intends to ensure that the checked address
is either in the positive half of the 48-bit virtual address space, or
above the Xen-reserved area. However, the current shift count is
off-by-one, allowing full access to the "negative half" too, via
certain hypercalls which ignore virtual-address bits [63:48].

As a result, a malicious guest administrator on a vulnerable system is
able to crash the host.

Upstream status:
This issue only affects very old hypervisors, Xen 3.3 and earlier.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=728042

Thanks,
--
Petr Matousek / Red Hat Security Response Team
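
The range check described in the message, as an added C model that is not part of the original post and is not Xen source code: it compares a bound of 2^48 (shift count one too large) with the intended 2^47, then shows where an accepted address lands once bits [63:48] are ignored. The function names, the RESERVED_START/RESERVED_END values and the sign-extension model of "ignoring bits [63:48]" are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: 48-bit virtual addresses, reserved range at the bottom of the negative half. */
#define VA_BITS        48
#define RESERVED_START 0xFFFF800000000000ULL /* assumed value */
#define RESERVED_END   0xFFFF880000000000ULL /* assumed value */

/* Off-by-one bound: everything below 2^48 passes, including addresses with bit 47 set. */
static bool addr_ok_off_by_one(uint64_t a) {
    return a < (1ULL << VA_BITS) || a >= RESERVED_END;
}

/* Intended bound: the positive half ends at 2^47. */
static bool addr_ok_intended(uint64_t a) {
    return a < (1ULL << (VA_BITS - 1)) || a >= RESERVED_END;
}

/* Model of a consumer that ignores bits [63:48]: only the low 48 bits
 * select the mapping, so the address used is the sign extension of bit 47. */
static uint64_t effective_addr(uint64_t a) {
    const uint64_t mask = (1ULL << VA_BITS) - 1;
    uint64_t low = a & mask;
    return (low & (1ULL << (VA_BITS - 1))) ? (low | ~mask) : low;
}

static bool in_reserved(uint64_t a) {
    return a >= RESERVED_START && a < RESERVED_END;
}

int main(void) {
    const uint64_t samples[] = {           /* constructed sample addresses */
        0x00007FFFFFFFF000ULL,             /* top of the positive half */
        0x0000800000001000ULL,             /* bit 47 set, bits 63:48 clear */
        0xFFFF800000001000ULL,             /* inside the reserved range */
        0xFFFF880000000000ULL,             /* first address above the reserved range */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = samples[i], e = effective_addr(a);
        printf("%#018llx off_by_one=%d intended=%d effective=%#018llx reserved=%d\n",
               (unsigned long long)a, addr_ok_off_by_one(a), addr_ok_intended(a),
               (unsigned long long)e, in_reserved(e));
    }
    return 0;
}
```

Only the second sample is treated differently by the two checks: the off-by-one bound accepts it, and its effective address falls inside the reserved range.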