NACK: [SRU][Mantic][PATCH 0/1] CVE-2023-34324

Roxana Nicolescu roxana.nicolescu at canonical.com
Fri Jan 5 11:00:26 UTC 2024


On 04/01/2024 17:56, Bethany Jamison wrote:
> [Impact]
>
> Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation
> in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use
> this to cause a denial of service (paravirtualized device unavailability).
>
> [Fix]
>
> Clean cherry-pick.
>
> [Test Case]
>
> Compile and boot test.
>
> [Where problems could occur]
>
> Issues could occur when events happen.
>
> Juergen Gross (1):
>    xen/events: replace evtchn_rwlock with RCU
>
>   drivers/xen/events/events_base.c | 87 +++++++++++++++++---------------
>   1 file changed, 46 insertions(+), 41
>
This was applied from v6.5.7 stable update. I added the CVE number to 
that commit.


