[Pkg-xen-devel] Bug#451626: Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability

Bastian Blank waldi at debian.org
Sun Nov 18 20:16:32 UTC 2007


On Sat, Nov 17, 2007 at 04:39:27PM +0100, Nico Golde wrote:
> CVE-2007-5907[0]:
> | Xen 3.1.1 does not prevent modification of the CR4 TSC from
> | applications, which allows pv guests to cause a denial of service
> | (crash).

Submitted patch looks too different from the applied version. Not reviewed.
Postponed until someone shows that it is a crash in the hypervisor; the
commit is not marked as a security fix.

> CVE-2007-5906[1]:
> | Xen 3.1.1 allows virtual guest system users to cause a 
> | denial of service (hypervisor crash) by using a debug 
> | register (DR7) to set certain breakpoints.

Fixed in xen-3.1-testing.hg in changeset 15493:27347d6d73a3, included in
3.1.2.

Bastian

-- 
Extreme feminine beauty is always disturbing.
		-- Spock, "The Cloud Minders", stardate 5818.4




