| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68bb3ad7-521d-4518-8b98-835b57f17455@suse.com> Date: Wed, 26 Feb 2025 08:43:26 +0100 From: Juergen Gross <jgross@...e.com> To: cve@...nel.org, linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: Re: CVE-2022-49689: xen-blkfront: Handle NULL gendisk On 26.02.25 03:24, Greg Kroah-Hartman wrote: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > xen-blkfront: Handle NULL gendisk > > When a VBD is not fully created and then closed, the kernel can have a > NULL pointer dereference: > > The reproducer is trivial: > > [user@...0 ~]$ sudo xl block-attach work backend=sys-usb vdev=xvdi target=/dev/sdz > [user@...0 ~]$ xl block-list work > Vdev BE handle state evt-ch ring-ref BE-path > 51712 0 241 4 -1 -1 /local/domain/0/backend/vbd/241/51712 > 51728 0 241 4 -1 -1 /local/domain/0/backend/vbd/241/51728 > 51744 0 241 4 -1 -1 /local/domain/0/backend/vbd/241/51744 > 51760 0 241 4 -1 -1 /local/domain/0/backend/vbd/241/51760 > 51840 3 241 3 -1 -1 /local/domain/3/backend/vbd/241/51840 > ^ note state, the /dev/sdz doesn't exist in the backend > > [user@...0 ~]$ sudo xl block-detach work xvdi Please revoke this CVE. As the reproducer recipe is clearly showing, the bug can be triggered by host admin actions only. There is no way an unprivileged user on the host or in the guest could trigger the issue. Juergen Download attachment "OpenPGP_0xB0DE9DD628BF132F.asc" of type "application/pgp-keys" (3684 bytes) Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (496 bytes)
Powered by blists - more mailing lists