[Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

William Pitcock nenolod at sacredspiral.co.uk
Sun Feb 10 05:37:00 UTC 2008


Package: xen-hypervisor-3.2-1-i386
Version: 3.2-1
Severity: critical
Tags: security
Justification: DoS of entire system regardless of privilege

When running the exploit listed in bug 464953 [1], Xen's memory state
becomes corrupted and the hypervisor eventually crashes, taking all of
the domU's with it. As such, this breaks operational behaviour, so I have
marked this as critical.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-xen-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash





More information about the Pkg-xen-devel mailing list