Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/19/2013 05:41 PM, Petr Matousek wrote:
> If a single descriptor crosses a region, the second chunk length
> should be decremented by size translated so far, instead it
> includes the full descriptor length. A privileged guest user could
> use this flaw to crash the host or, potentially, corrupt host
> memory.
>
> Upstream fix: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
>
>  References: https://bugzilla.redhat.com/show_bug.cgi?id=912905
>
> Thanks,

Please use CVE-2013-0311 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRJByBAAoJEBYNRVNeJnmTea0P/1akjtxNBrfflQqyg4OgiTSE
lg81INRbEtk4Pxxlux9+2LeJhi3nnA/mx9+QJeSTNCbI3TLVCYf5tQYaafpIrs9p
Fw/+N1b6bvNxan/ipXKqBKss/ZI1vUp4k9uoiJSHU0TAGkYpNZVn2Jt2tcfcwuFz
vJL9EFmQPlFV8MLPAIX1hfR/WxRCqrylfmFlIFdgDWZU+K9LKbEvZSmUR+uWWNt8
QKP55vpsxJ1wVIgdmsTMooAZRk2PXizBgDDeFp1U0+6YCSzDjKouqKqVLwTGx4B3
xIC+ghoPsF+utECY8xNbK5gkh1OSitOC0eWghlwJuE0jpwpyaoJT1OoOKEIM+Ntm
RXLUTKx0qKhrvX2z6r5H9++RcVUf4CpQzJylEdUrerp5r/RBKEtHoGkBNVc1OL3b
EC5AiYuyodWHtT8nb3WcDIKEmMAh+QZqJJ/rWZCtmWWB2zFbjp/V0eNFBSVpH7Wm
kLLODBaqE0eRpXaBrJR6oRKT4XWhSd88pL9LlaH2lskUYcnpZysu+cDdNcEa5kLI
IIm4xKjZfyA5hYCPXsx+uQi3URaowo6CfOAJcdkGc9VhgIfOg/swf9OWJVMZKV1p
O8Ay3Bg5OoIhsTTfubvOF7t+0pjfhD4a00gmVxaU2nAwFxX2wZiGp3rmA5W1uagh
2dEHCTtkOWMYYG631iLS
=WntS
-----END PGP SIGNATURE-----