[Pkg-xen-devel] Bug#464969: Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

Samuel Thibault samuel.thibault at eu.citrix.com
Sun Feb 10 20:11:56 UTC 2008


William Pitcock, on Sun 10 Feb 2008 13:55:01 -0600, wrote:
> On Sun, 2008-02-10 at 14:40 +0100, Bastian Blank wrote:
> > On Sun, Feb 10, 2008 at 06:56:59AM -0600, William Pitcock wrote:
> > > I'm sorry but I cannot provide evidence because it would involve
> > > crashing a production machine. Users of said machine are already annoyed
> > > that it crashed the first time.
> > 
> > Okay. Where did you run the exploit the first time?
> 
> On one of my production servers to see if I was vulnerable. The
> configuration of which is:
> 
> * 4 Intel Xeon Processors (old P4 kind)
> * 4GB RAM
> * 15 Xen domains
> 
> I hope that is a useful enough description.

The question was rather whether the exploit was run in dom0 or in a domU.

> > On an x86_64 machine, it just raises a GPF.
> 
> Are you sure? Because I'm pretty sure the exploit caused Xen (or at
> least the dom0) to crash even though it was run in a domU.

So the exploit was really run in a domU?
If so, yes we have a problem :)

Samuel




