Ian Campbell
2013-Feb-07 09:41 UTC
[PATCH v2 0/4] XSA-39 CVE-2013-021[67]: Linux netback DoS via malicious guest ring.
The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. The following series contains the fixes for these issues, as previously included in Xen Security Advisory 39: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html Changes in v2: - Typo and block comment format fixes - Added stable Cc
David Miller
2013-Feb-08 04:31 UTC
Re: [PATCH v2 0/4] XSA-39 CVE-2013-021[67]: Linux netback DoS via malicious guest ring.
From: Ian Campbell <Ian.Campbell@citrix.com> Date: Thu, 7 Feb 2013 09:41:18 +0000> The Xen netback implementation contains a couple of flaws which can > allow a guest to cause a DoS in the backend domain, potentially > affecting other domains in the system. > > CVE-2013-0216 is a failure to sanity check the ring producer/consumer > pointers which can allow a guest to cause netback to loop for an > extended period preventing other work from occurring. > > CVE-2013-0217 is a memory leak on an error path which is guest > triggerable. > > The following series contains the fixes for these issues, as previously > included in Xen Security Advisory 39: > http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html > > Changes in v2: > - Typo and block comment format fixes > - Added stable CcApplied, please don''t add stable CC:''s to networking patches, instead ask me to queue it up to my -stable todo pile instead. I don''t like it when patches instantly be submitted to -stable when they hit Linus''s tree, I''d rather it soak upstream for a week or two instead. That''s why I do it this way. Thanks.
Ian Campbell
2013-Feb-08 07:54 UTC
Re: [PATCH v2 0/4] XSA-39 CVE-2013-021[67]: Linux netback DoS via malicious guest ring.
On Fri, 2013-02-08 at 04:31 +0000, David Miller wrote:> Applied, please don''t add stable CC:''s to networking patches, instead > ask me to queue it up to my -stable todo pile instead.Thanks & Ack.> I don''t like it when patches instantly be submitted to -stable when > they hit Linus''s tree, I''d rather it soak upstream for a week or two > instead. That''s why I do it this way.Very reasonable. Ian.