| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Jun 2024 09:55:06 +0200 From: Juergen Gross <jgross@...e.com> To: cve@...nel.org, linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "security@...project.org" <security@...project.org> Subject: Re: CVE-2021-47575: xen/console: harden hvc_xen against event channel storms On 19.06.24 16:54, Greg Kroah-Hartman wrote: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > xen/console: harden hvc_xen against event channel storms > > The Xen console driver is still vulnerable for an attack via excessive > number of events sent by the backend. Fix that by using a lateeoi event > channel. > > For the normal domU initial console this requires the introduction of > bind_evtchn_to_irq_lateeoi() as there is no xenbus device available > at the time the event channel is bound to the irq. > > As the decision whether an interrupt was spurious or not requires to > test for bytes having been read from the backend, move sending the > event into the if statement, as sending an event without having found > any bytes to be read is making no sense at all. > > This is part of XSA-391 When issuing XSA-391 the Xen security team already assigned CVE-2021-28713 to this issue. Juergen Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists