oss-sec mailing list archives
Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 19 Feb 2013 17:44:49 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/19/2013 05:41 PM, Petr Matousek wrote:
If a single descriptor crosses a region, the second chunk length should be decremented by size translated so far, instead it includes the full descriptor length. A privileged guest user could use this flaw to crash the host or, potentially, corrupt host memory. Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 References: https://bugzilla.redhat.com/show_bug.cgi?id=912905 Thanks,
Please use CVE-2013-0311 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRJByBAAoJEBYNRVNeJnmTea0P/1akjtxNBrfflQqyg4OgiTSE lg81INRbEtk4Pxxlux9+2LeJhi3nnA/mx9+QJeSTNCbI3TLVCYf5tQYaafpIrs9p Fw/+N1b6bvNxan/ipXKqBKss/ZI1vUp4k9uoiJSHU0TAGkYpNZVn2Jt2tcfcwuFz vJL9EFmQPlFV8MLPAIX1hfR/WxRCqrylfmFlIFdgDWZU+K9LKbEvZSmUR+uWWNt8 QKP55vpsxJ1wVIgdmsTMooAZRk2PXizBgDDeFp1U0+6YCSzDjKouqKqVLwTGx4B3 xIC+ghoPsF+utECY8xNbK5gkh1OSitOC0eWghlwJuE0jpwpyaoJT1OoOKEIM+Ntm RXLUTKx0qKhrvX2z6r5H9++RcVUf4CpQzJylEdUrerp5r/RBKEtHoGkBNVc1OL3b EC5AiYuyodWHtT8nb3WcDIKEmMAh+QZqJJ/rWZCtmWWB2zFbjp/V0eNFBSVpH7Wm kLLODBaqE0eRpXaBrJR6oRKT4XWhSd88pL9LlaH2lskUYcnpZysu+cDdNcEa5kLI IIm4xKjZfyA5hYCPXsx+uQi3URaowo6CfOAJcdkGc9VhgIfOg/swf9OWJVMZKV1p O8Ay3Bg5OoIhsTTfubvOF7t+0pjfhD4a00gmVxaU2nAwFxX2wZiGp3rmA5W1uagh 2dEHCTtkOWMYYG631iLS =WntS -----END PGP SIGNATURE-----
Current thread:
- CVE request -- Linux kernel: vhost: fix length for cross region descriptor Petr Matousek (Feb 19)
- Re: CVE request -- Linux kernel: vhost: fix length for cross region descriptor Kurt Seifried (Feb 19)