Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-11 Thread William Pitcock
On Sun, 2008-02-10 at 20:11 +, Samuel Thibault wrote:
> The question was rather whether the exploit was run in dom0 or in a domU

Yes. It was run in a domU. However, after upgrading to latest Xen (hg tip), I have not been able to reproduce the crash. It happens reliably on the Xen provided in E

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread Samuel Thibault
William Pitcock, on Sun 10 Feb 2008 13:55:01 -0600, wrote:
> On Sun, 2008-02-10 at 14:40 +0100, Bastian Blank wrote:
> > On Sun, Feb 10, 2008 at 06:56:59AM -0600, William Pitcock wrote:
> > > I'm sorry but I cannot provide evidence because it would involve
> > > crashing a production machine. Us

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread William Pitcock
Hi,

On Sun, 2008-02-10 at 14:40 +0100, Bastian Blank wrote:
> On Sun, Feb 10, 2008 at 06:56:59AM -0600, William Pitcock wrote:
> > I'm sorry but I cannot provide evidence because it would involve
> > crashing a production machine. Users of said machine are already annoyed
> > that it crashed the f

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread Samuel Thibault
William Pitcock, on Sun 10 Feb 2008 06:56:59 -0600, wrote:
> On Sun, 2008-02-10 at 13:32 +0100, Bastian Blank wrote:
> > You have to show evidence that the Hypervisor crashed if the exploit
> > runs in a domU. dom0 is special and can always crash the hypervisor. A
> > stacktrace is usable to do

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread Bastian Blank
On Sun, Feb 10, 2008 at 06:56:59AM -0600, William Pitcock wrote:
> I'm sorry but I cannot provide evidence because it would involve
> crashing a production machine. Users of said machine are already annoyed
> that it crashed the first time.

Okay. Where did you run the exploit the first time?

> Th

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread William Pitcock
Hi,

On Sun, 2008-02-10 at 13:32 +0100, Bastian Blank wrote:
> You have to show evidence that the Hypervisor crashed if the exploit
> runs in a domU. dom0 is special and can always crash the hypervisor. A
> stacktrace is usable to do this.

I'm sorry but I cannot provide evidence because it would i

Bug#464969: [Pkg-xen-devel] Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-10 Thread Bastian Blank
tags 464969 moreinfo
thanks

On Sat, Feb 09, 2008 at 11:37:00PM -0600, William Pitcock wrote:
> When running the exploit listed in bug 464953 [1], Xen's memory state
> becomes corrupted and the hypervisor eventually crashes, taking all of
> the domUs with it. As such, this breaks operational behav

Bug#464969: xen-hypervisor-3.2-1-i386: Linux mmap()/vmsplice() exploit causes memory map corruption in hypervisor regardless of domain privilege

2008-02-09 Thread William Pitcock
Package: xen-hypervisor-3.2-1-i386
Version: 3.2-1
Severity: critical
Tags: security
Justification: DoS of entire system regardless of privilege

When running the exploit listed in bug 464953 [1], Xen's memory state becomes corrupted and the hypervisor eventually crashes, taking all of the domUs wi