The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/42789 | third party advisory |
| http://www.vupen.com/english/advisories/2011/0024 | vdb entry |
| http://www.redhat.com/support/errata/RHSA-2011-0004.html | vendor advisory |
| http://www.securityfocus.com/bid/45029 | vdb entry |
| http://www.securityfocus.com/archive/1/520102/100/0/threaded | mailing list |
| http://secunia.com/advisories/46397 | third party advisory |
| http://secunia.com/advisories/35093 | third party advisory vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=656206 | patch |
| http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d | patch |
| http://www.openwall.com/lists/oss-security/2010/11/23/1 | mailing list patch |
| http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c | patch |
| http://www.vmware.com/security/advisories/VMSA-2011-0012.html | |
| http://www.openwall.com/lists/oss-security/2010/11/24/8 | mailing list patch |