Home page logo
/

oss-sec logo oss-sec mailing list archives

kernel: xen: CVE-2011-2901
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 30 Aug 2011 17:59:18 +0200

CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

The x86_64 __addr_ok() macro intends to ensure that the checked address
is either in the positive half of the 48-bit virtual address space, or
above the Xen-reserved area. However, the current shift count is
off-by-one, allowing full access to the "negative half" too, via
certain hypercalls which ignore virtual-address bits [63:48]. 

As a result, a malicious guest administrator on a vulnerable system is
able to crash the host.

Upstream status: 
This issue only affects very old hypervisors, Xen 3.3 and earlier.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=728042

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
  • kernel: xen: CVE-2011-2901 Petr Matousek (Aug 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault