CVE-2013-0216 CVE-2013-0217
http://xenbits.xen.org/xsa/advisory-39.html
Linux netback DoS via malicious guest ring
The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system.
CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers, which can allow a guest to cause netback to loop for an extended period, preventing other work from occurring.
CVE-2013-0217 is a memory leak on an error path which is guest triggerable.
lack of check (garbage ring) & improper error handling (improper condition)
http://xenbits.xen.org/xsa/xsa39-classic-0001-xen-netback-garbage-ring.patch
netback: shutdown the ring if it contains garbage
http://xenbits.xen.org/xsa/xsa39-classic-0002-xen-netback-wrap-around.patch
netback: correct netbk_tx_err() to handle wrap around
--- a/drivers/xen/netback/netback.c
+++ b/drivers/xen/netback/netback.c
@@ -1011,7 +1011,7 @@ static void netbk_tx_err(netif_t *netif,
do {
make_tx_response(netif, txp, NETIF_RSP_ERROR);
- if (cons >= end)
+ if (cons == end)
break;
txp = RING_GET_REQUEST(&netif->tx, cons++);
} while (1);
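Review bot: with `if (cons == end)` inside `do { ... } while (1)`, the loop terminates only when `cons++` lands exactly on `end`, so its running time depends entirely on the caller passing an `end` that lies a bounded distance ahead of `cons`; nothing in this hunk enforces or documents that. Please add a comment above the loop stating the invariant (for example, that `end - cons` never exceeds the ring size), and if the companion garbage-ring patch is what guarantees it, say so in the commit message. A defensive iteration bound on the loop would also make this safe independently of the caller.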
A malicious guest can mount a DoS affecting the entire system.
DoS
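A user-space model of the ring-pointer sanity check and the wrap-around handling described above, added here as an illustration and not taken from the Xen patches. `ring_is_sane()`, `responses_sent()` and `RING_SIZE` are hypothetical names, and ring indices are assumed to be free-running 32-bit counters.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t ring_idx_t;   /* free-running index, wraps at 2^32 */
#define RING_SIZE 256u         /* assumed ring size for this model */

/* Backend-side check on guest-written indices: the guest may never have
 * more requests outstanding than the ring has slots. The unsigned
 * subtraction stays correct when req_prod has wrapped past req_cons. */
static int ring_is_sane(ring_idx_t req_prod, ring_idx_t req_cons)
{
    return (ring_idx_t)(req_prod - req_cons) <= RING_SIZE;
}

/* Model of the error loop: count the error responses issued while walking
 * cons up to end. use_ge selects the pre-patch ">=" test, otherwise the
 * patched "==" test. The model caps itself at RING_SIZE + 1 responses so
 * that an unreachable 'end' cannot make it spin. */
static unsigned responses_sent(ring_idx_t cons, ring_idx_t end, int use_ge)
{
    unsigned sent = 0;
    do {
        sent++;                              /* one error response */
        if (use_ge ? (cons >= end) : (cons == end))
            break;
        cons++;                              /* unsigned wrap is defined */
    } while (sent <= RING_SIZE);
    return sent;
}

int main(void)
{
    /* Constructed values: end is 4 slots ahead of cons, across the wrap. */
    ring_idx_t cons = 0xFFFFFFFEu, end = 0x00000002u;

    printf("sane(end, cons)      = %d\n", ring_is_sane(end, cons));
    printf("sane(garbage prod)   = %d\n",
           ring_is_sane(cons + 0x80000000u, cons));
    printf("responses with '>='  = %u\n", responses_sent(cons, end, 1));
    printf("responses with '=='  = %u\n", responses_sent(cons, end, 0));
    printf("'==' with garbage end = %u (capped)\n",
           responses_sent(0, 0x80000000u, 0));
    return 0;
}
```

The `>=` comparison stops after one response when `end` has wrapped, while `==` covers all five slots; the last call shows why `==` is only safe once the indices have been validated.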