CVE-2007-5498

Published: 07 May 2008

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.

From the Ubuntu security team

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10.

Priority

Low

Status

Package Release Status
kvm
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Xen patch)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Xen patch)
Patches:
Vendor: http://xenbits.xensource.com/linux-2.6.18-xen.hg?diff/cf8b6cafa2f0/include/xen/blkif.h
qemu
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xen-3.0
Launchpad, Ubuntu, Debian
Upstream Needed

xen-3.1
Launchpad, Ubuntu, Debian
Upstream Needed

xen-3.2
Launchpad, Ubuntu, Debian
Upstream Needed

xen-3.3
Launchpad, Ubuntu, Debian
Upstream Pending