From ${URL}: ISSUE DESCRIPTION ================= The locks page_alloc_lock and mm_rwlock are not always taken in the same order. This raises the possibility of deadlock. The incorrect order occurs only in the implementation of the deprecated domctl hypercall XEN_DOMCTL_getmemlist. IMPACT ====== A malicious guest administrator may be able to deny service to the entire host.
Patches available at http://lists.xen.org/archives/html/xen-announce/2013-11/msg00008.html, see the bottom of the page.
CVE-2013-4553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553): The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
update status here, the fix already in following versions >=xen-4.3.0-r6.ebuild >=xen-4.3.1-r3.ebuild
Please advise when ready for stabilization on those version.
Fixed as part of Bug 500530. Adding to existing GLSA.
This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).