CVE-2007-5498

Priority
Low
Description
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when
running on a 64-bit host with a 32-bit paravirtualized guest, allows local
privileged users in the guest OS to cause a denial of service (host OS
crash) via a request that specifies a large number of blocks.
Ubuntu-Description
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make
a malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): not-affected (kernel code only)
Package
Upstream: needed
Ubuntu 8.04 LTS (Hardy Heron): not-affected (kernel code only)
Package
Upstream: pending
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: not-affected
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Source: kvm (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Package
Source: linux (LP Ubuntu Debian)
Upstream: not-affected (Xen patch)
Ubuntu 8.04 LTS (Hardy Heron): not-affected (released with fixes)
Package
Source: qemu (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Package
Upstream: not-affected (Xen patch)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Patches:
Vendor: http://xenbits.xensource.com/linux-2.6.18-xen.hg?diff/cf8b6cafa2f0/include/xen/blkif.h

Updated: 2012-06-01 15:18:17 UTC (commit 5347)