Re: CVE-2021-47573: xen/blkfront: harden blkfront against event channel storms

From: Juergen Gross
Date: Thu Jun 20 2024 - 03:53:16 EST

Next message: Arnd Bergmann: "Re: FYI: path walking optimizations pending for 6.11"
Previous message: Miguel Ojeda: "Re: [PATCH] rust: alloc: Fix unused import warning"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2021-47573: xen/blkfront: harden blkfront against event channel storms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19.06.24 16:54, Greg Kroah-Hartman wrote:

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

xen/blkfront: harden blkfront against event channel storms

The Xen blkfront driver is still vulnerable for an attack via excessive
number of events sent by the backend. Fix that by using lateeoi event
channels.

This is part of XSA-391

The Linux kernel CVE team has assigned CVE-2021-47573 to this issue.

When issuing XSA-391 the Xen security team already assigned CVE-2021-28711
to this issue.

Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Next message: Arnd Bergmann: "Re: FYI: path walking optimizations pending for 6.11"
Previous message: Miguel Ojeda: "Re: [PATCH] rust: alloc: Fix unused import warning"
Next in thread: Greg Kroah-Hartman: "Re: CVE-2021-47573: xen/blkfront: harden blkfront against event channel storms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]