The Xen hypervisor block backend driver for Linux kernel 2.6.18, when
running on a 64-bit host with a 32-bit paravirtualized guest, allows local
privileged users in the guest OS to cause a denial of service (host OS
crash) via a request that specifies a large number of blocks.
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make
a malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
Updated: 2015-10-17 03:28:45 UTC (commit 10086)