Ian Campbell
2013-Feb-06 17:18 UTC
[PATCH 0/4] XSA-39 CVE-2013-021[67]: Linux netback DoS via malicious guest ring.
The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an error path which is guest triggerable. The following series contains the fixes for these issues, as previously included in Xen Security Advisory 39: http://lists.xen.org/archives/html/xen-announce/2013-02/msg00001.html Ian.
Possibly Parallel Threads
- [PATCH 1/4] xen/netback: shutdown the ring if it contains garbage.
- [PATCH] netback: fix multi page ring size calculation.
- Xen Security Advisory 25 (CVE-2012-4544, CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
- [PATCH net-next 2/2] xen-netback: avoid allocating variable size array on stack
- Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk
Wisdom of the Ancients
