[Pkg-xen-devel] Bug#464969: Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

Bastian Blank waldi at debian.org
Sun Feb 10 12:32:04 UTC 2008

tags 464969 moreinfo

On Sat, Feb 09, 2008 at 11:37:00PM -0600, William Pitcock wrote:
> When running the exploit listed in bug 464953 [1], Xen's memory state
> becomes corrupted and the hypervisor eventually crashes, taking all of
> the domU's with it. As such, this breaks operational behaviour, so I have
> marked this as critical.

You have to show evidence that the Hypervisor crashed if the exploit
runs in a domU. dom0 is special and can always crash the hypervisor. A
stacktrace is usable to do this.


I'm a soldier, not a diplomat.  I can only tell the truth.
		-- Kirk, "Errand of Mercy", stardate 3198.9

More information about the Pkg-xen-devel mailing list