Bug 369531 - (CVE-2007-5498) CVE-2007-5498 missing sanity check in xen block backend driver
CVE-2007-5498 missing sanity check in xen block backend driver
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Gerd Hoffmann
Martin Jenner
impact=important,source=bz,reported=2...
: Security
Depends On: 378281 378291
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-07 07:17 EST by Gerd Hoffmann
Modified: 2009-09-10 12:25 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-10 12:25:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
suggested patch (against upstream mercurial repository). (1.18 KB, patch)
2007-11-07 07:17 EST, Gerd Hoffmann
no flags Details | Diff
patch version for rhe5.1 kernel (1.23 KB, patch)
2007-11-07 11:09 EST, Gerd Hoffmann
no flags Details | Diff

  None (edit)
Description Gerd Hoffmann 2007-11-07 07:17:24 EST
Description of problem:
The blkif_get_x86_32_req() and blkif_get_x86_64_req() functions don't
sanity-check the req->nr_segments value.

The functions are part of the 32-on-64 support.  They translate block I/O
request structs from 32bit ABI to 64bit ABI and visa versa.  They are used in
case 32bit paravirtualized guests (or 32bit hvm guests with pv-on-hvm drivers
installed) are running on a 64bit host.

Version-Release number of selected component (if applicable):
RHEL 5.1 kernel.
Comment 1 Gerd Hoffmann 2007-11-07 07:17:24 EST
Created attachment 250031 [details]
suggested patch (against upstream mercurial repository).
Comment 2 Gerd Hoffmann 2007-11-07 11:09:07 EST
Created attachment 250281 [details]
patch version for rhe5.1 kernel
Comment 3 Gerd Hoffmann 2007-11-07 11:11:14 EST
Hmm, /me can't ask for rhel‑5.1.z ack ...
Comment 8 Jan Lieskovsky 2008-04-22 03:23:11 EDT
Attaching link to upstream commit yet:

http://xenbits.xensource.com/linux-2.6.18-xen.hg?diff/cf8b6cafa2f0/include/xen/blkif.h
Comment 9 Chris Lalancette 2009-09-10 12:24:58 EDT
This patch was committed long ago; closing out this tracker bug.

Chris Lalancette

Note You need to log in before you can comment on or make changes to this bug.