The Xen hypervisor block backend driver for Linux kernel 2.6.18, when
running on a 64-bit host with a 32-bit paravirtualized guest, allows local
privileged users in the guest OS to cause a denial of service (host OS
crash) via a request that specifies a large number of blocks.
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make
a malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
Updated: 2016-01-26 17:29:37 UTC (commit 10507)