William Pitcock
2008-Feb-10 05:37 UTC
[Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege
Package: xen-hypervisor-3.2-1-i386 Version: 3.2-1 Severity: critical Tags: security Justification: DoS of entire system regardless of privilege When running the exploit listed in bug 464953 [1], Xen's memory state becomes corrupted and the hypervisor eventually crashes, taking all of the domU's with it. As such, this breaks operational behaviour, so I have marked this as critical. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953 -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-xen-686 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
Bastian Blank
2008-Feb-10 12:32 UTC
[Pkg-xen-devel] Bug#464969: Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege
tags 464969 moreinfo thanks On Sat, Feb 09, 2008 at 11:37:00PM -0600, William Pitcock wrote:> When running the exploit listed in bug 464953 [1], Xen's memory state > becomes corrupted and the hypervisor eventually crashes, taking all of > the domU's with it. As such, this breaks operational behaviour, so I have > marked this as critical.You have to show evidence that the Hypervisor crashed if the exploit runs in a domU. dom0 is special and can always crash the hypervisor. A stacktrace is usable to do this. Bastian -- I'm a soldier, not a diplomat. I can only tell the truth. -- Kirk, "Errand of Mercy", stardate 3198.9
Debian Bug Tracking System
2008-Feb-10 12:33 UTC
[Pkg-xen-devel] Processed: Re: Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege
Processing commands for control at bugs.debian.org:> tags 464969 moreinfoBug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege Tags were: security Tags added: moreinfo> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2008-Mar-03 10:42 UTC
[Pkg-xen-devel] Bug#464969: marked as done (xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege)
Your message dated Mon, 3 Mar 2008 11:36:47 +0100 with message-id <20080303103646.GA15782 at wavehammer.waldi.eu.org> and subject line Re: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege has caused the Debian Bug report #464969, regarding xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 464969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464969 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: William Pitcock <nenolod at sacredspiral.co.uk> Subject: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege Date: Sat, 09 Feb 2008 23:37:00 -0600 Size: 2102 Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080303/ad8ea89a/attachment.eml -------------- next part -------------- An embedded message was scrubbed... From: Bastian Blank <waldi at debian.org> Subject: Re: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege Date: Mon, 3 Mar 2008 11:36:47 +0100 Size: 1932 Url: http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080303/ad8ea89a/attachment-0001.eml