Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 24 Nov 2010 08:06:00 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: xen: request-processing loop is
 unbounded in blkback

Please use CVE-2010-4247.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugene@...hat.com> wrote:

> If the frontend pass a bad index of production request, the backend
> will 
> enter an endless loop and then cause a excessive CPU consumption. A
> Xen 
> guest can cause the Xen host to be unresponsive.
> 
> This issue has been fixed in upstream by:
> changeset:   391:77f831cbb91d
> user:        Keir Fraser <keir.fraser@...rix.com>
> date:        Fri Jan 18 16:52:25 2008 +0000
> summary:     blkback: Request-processing loop is unbounded and hence 
> requires a
> http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d
> 
> changeset:   392:7070d34f251c
> user:        Keir Fraser <keir.fraser@...rix.com>
> date:        Mon Jan 21 11:43:31 2008 +0000
> summary:     blkback/blktap: Check for kthread_should_stop() in inner
> loop,
> http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c
> 
> Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.