lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2024102152-stinky-tiger-4e51@gregkh>
Date: Mon, 21 Oct 2024 14:58:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Juergen Gross <jgross@...e.com>
Cc: cve@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: CVE-2024-47722: xen: use correct end address of kernel for
 conflict checking

On Mon, Oct 21, 2024 at 02:35:16PM +0200, Juergen Gross wrote:
> On 21.10.24 14:16, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> > 
> > In the Linux kernel, the following vulnerability has been resolved:
> > 
> > xen: use correct end address of kernel for conflict checking
> > 
> > When running as a Xen PV dom0 the kernel is loaded by the hypervisor
> > using a different memory map than that of the host. In order to
> > minimize the required changes in the kernel, the kernel adapts its
> > memory map to that of the host. In order to do that it is checking
> > for conflicts of its load address with the host memory map.
> > 
> > Unfortunately the tested memory range does not include the .brk
> > area, which might result in crashes or memory corruption when this
> > area does conflict with the memory map of the host.
> > 
> > Fix the test by using the _end label instead of __bss_stop.
> > 
> > The Linux kernel CVE team has assigned CVE-2024-47722 to this issue.
> 
> I fail to see how an unprivileged user could cause any harm here.
> 
> This bug is affecting the guest only, so only the guest admin can cause
> harm to the guest at will via a special kernel. IMHO nothing CVE-worthy
> here.

Ah, I thought this could affect the host, sorry about that.

> So I'd like to ask for this CVE being revoked.

Now revoked!

thanks for the review.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ