search for: xen_sysctl_getdomaininfolist

...pstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3340 [1] http://xenbits.xen.org/xsa/advisory-132.html Please...

...L_" # _sysctl, \ + (Addr)&sysctl->u._union._field, \ + sizeof(sysctl->u._union._field)) +#define PRE_XEN_SYSCTL_READ(_sysctl, _field) \ + __PRE_XEN_SYSCTL_READ(_sysctl, _sysctl, _field) + + switch (sysctl->cmd) { + case XEN_SYSCTL_getdomaininfolist: + PRE_XEN_SYSCTL_READ(getdomaininfolist, first_domain); + PRE_XEN_SYSCTL_READ(getdomaininfolist, max_domains); + PRE_XEN_SYSCTL_READ(getdomaininfolist, buffer); + break; + + case XEN_SYSCTL_cpupool_op: + PRE_XEN_SYSCTL_READ(cpupool_op, op); + + switch(sysctl->u.c...