I think your analysis to patch everywhere may be mistaken.
https://wiki.xenproject.org/wiki/Xen_FAQ_Design_and_in_Depth#How_does_Xen_p…
"Xen maintains two IDT's, one global IDT (its own) and other per domain
IDT. Xen uses global IDT to register the entire trap handler except for
system call handler (int 0x80). When a VM gets scheduled, its system
call handler (from per domain IDT table) is registered with the
processor. Hence when a domain/VM executes a system call, its own
handler is executed."
IDT - Interrupt Descriptor Table (IDT)
https://xint.io/blog/copy-fail-linux-distributions
So, the scheduler puts in the IDT for the guest. The guest does a socket
open for copy/fail CVE. It seems that the socket system call will be
implemented by the Xen host hypervisor. Therefore, the patched hypervisor
will mark it dirty and the vulnerability mitigated.
Anybody want to try and find a contradiction?
Brian
On Sat, May 02, 2026 at 10:09:55AM -0700, Gary wrote:
It's a flaw in the kernel, so you have to patch
the kernel in anything that can run a shell where you don't want privilege escalation.
Which I would think is everywhere.
Have you seen any info on patch availability or what versions of Fedora and other distros
will have available patches?
I saw some instructions where you can disable a kernel module using modprobe to avoid the
vulnerability. There was no information on what functionality was affected by making the
change. It sounded like it reverted to doing the copy correctly, which would be a
relatively easy and low impact fix.
On Fri, May 01, 2026 at 05:54:26PM -0700, Brian E. Lavender wrote:
I take it most have heard about the copy fail
vulnerability if you have
local shell?
https://arstechnica.com/security/2026/04/as-the-most-severe-linux-threat-in…
I wonder if you patch the hypervisor when using PV guests if you have to
update the guests too?
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
-Gary
It is a simple thing to make things complex,
a complex thing to make things simple.