Date: Tue, 30 Nov 2010 13:12:50 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org>, Marcus Meissner <meissner@...e.de> Subject: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access handle_gdt_ldt_mapping_fault() is intended to deal with indirect accesses (i.e. those caused by descriptor loads) to the GDT/LDT mapping area only. While for 32-bit segment limits indeed prevent the function being entered for direct accesses (i.e. a #GP fault will be raised even before the address translation gets done, on 64-bit even user mode accesses would lead to control reaching the BUG_ON() at the beginning of that function. http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html https://bugzilla.redhat.com/show_bug.cgi?id=658155 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ