Salvatore Bonaccorso
2015-Sep-27 07:24 UTC
[Pkg-xen-devel] Bug#800128: xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one
Source: xen
Version: 4.4.1-9
Severity: normal
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for xen.

CVE-2015-6654[0]:
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x,
| 4.4.x, and earlier does not limit the number of printk console
| messages when reporting a failure to retrieve a reference on a foreign
| page, which allows remote domains to cause a denial of service by
| leveraging permissions to map the memory of a foreign guest.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6654
[1] http://xenbits.xen.org/xsa/advisory-141.html

Regards,
Salvatore
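Added example, not part of the original report and not Xen source code: a minimal interval/burst limiter in C showing how a cap on an error message bounds the console output a caller can generate by repeatedly hitting a failing path. The struct, the function names, the message text and the 5000 ms / 10 message settings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limiter: at most `burst` messages per `interval_ms`. */
struct ratelimit {
    uint64_t interval_ms, window_start;
    unsigned burst, printed, suppressed;
};

/* Returns 1 if the caller may log now, 0 if the message is dropped. */
static int ratelimit_allow(struct ratelimit *rl, uint64_t now_ms)
{
    if (now_ms - rl->window_start >= rl->interval_ms) {
        /* New window: report the drop count once, then reset. */
        if (rl->suppressed)
            fprintf(stderr, "ratelimit: %u messages suppressed\n", rl->suppressed);
        rl->window_start = now_ms;
        rl->printed = rl->suppressed = 0;
    }
    if (rl->printed < rl->burst) {
        rl->printed++;
        return 1;
    }
    rl->suppressed++;
    return 0;
}

/* Stand-in for an error path whose call frequency is chosen by the guest. */
static int report_foreign_map_failure(struct ratelimit *rl, uint64_t now_ms,
                                      unsigned domid, unsigned long gfn)
{
    if (!ratelimit_allow(rl, now_ms))
        return 0;
    fprintf(stderr, "d%u: failed to get reference on foreign gfn %#lx\n", domid, gfn);
    return 1;
}

/* Constructed workload: one failing request per millisecond; returns lines logged. */
static unsigned simulate_flood(unsigned calls, uint64_t interval_ms, unsigned burst)
{
    struct ratelimit rl = { .interval_ms = interval_ms, .burst = burst };
    unsigned logged = 0;
    for (unsigned i = 0; i < calls; i++)
        logged += report_foreign_map_failure(&rl, i, 1, 0x1000UL + i);
    return logged;
}

int main(void)
{
    printf("lines logged: %u of 20000\n", simulate_flood(20000, 5000, 10));
    return 0;
}
```

Passing an interval of 0 makes every call start a new window, which models the unlimited behaviour: every failing request produces a console line.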
Debian Bug Tracking System
2016-Dec-21 16:00 UTC
[Pkg-xen-devel] Bug#800128: marked as done (xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one)
Your message dated Wed, 21 Dec 2016 15:58:22 +0000
with message-id <22618.42654.269511.450718 at mariner.uk.xensource.com>
and subject line Bug#800128: Fixed in 4.8 at least
has caused the Debian Bug report #800128,
regarding xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
800128: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800128
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2015-6654: printk is not rate-limited in xenmem_add_to_physmap_one
Date: Sun, 27 Sep 2015 09:24:40 +0200
Size: 2429
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161221/782e5f51/attachment.mht>

-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ian.jackson at eu.citrix.com>
Subject: Bug#800128: Fixed in 4.8 at least
Date: Wed, 21 Dec 2016 15:58:22 +0000
Size: 1573
URL: <http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161221/782e5f51/attachment-0001.mht>