Ian Campbell writes ("Re: Backport request "libxl: In libxl_set_vcpuonline
check for maximum number of VCPUs against the cpumap." (Was: Re: [Bug report]
Security issue in "xl vcpu-set")"):
> On Mon, 2015-06-08 at 11:35 +0100, Ian Jackson wrote:
> > I'm afraid I'm still not clear about when the failure can be triggered
> > by an attacker.
>
> I was able to reproduce by pressing a key at a pygrub prompt to drop to
> a prompt and then leaving the guest in that state, where the domain
> exists but does not yet have any vcpus etc.
OK, then the fix should be backported.
The next question is whether there should be an advisory.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
