Summary: | <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: Double free in IRQ pass-through allocation (XSA-83) (CVE-2014-1642) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Chris Reffett (RETIRED) <creffett> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | idella4, xen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/01/23/2 | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Chris Reffett (RETIRED)
2014-01-23 15:28:01 UTC
Patch available at http://xenbits.xen.org/xsa/xsa83.patch fixed, patch included in following versions app-emulation/xen-4.2.2-r3 app-emulation/xen-4.3.1-r4 (In reply to Yixun Lan from comment #2) > fixed, patch included in following versions > > app-emulation/xen-4.2.2-r3 > app-emulation/xen-4.3.1-r4 ready for go stable? CVE-2014-1642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642): The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free. (In reply to Mikle Kolyada from comment #3) > ready for go stable? I've reuqested a stable, see bug #500528, also bug #500530 Fixed as part of Bug 500530. Adding to existing GLSA. This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene). |