| Summary: | <app-emulation/xen-tools-{4.2.3-r1,4.3.1-r5}: use-after-free in xc_cpupool_getinfo() under memory pressure (XSA-88) (CVE-2014-1950) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | xen |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://xenbits.xen.org/xsa/advisory-88.html | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Tobias Heinlein (RETIRED)
2014-02-12 15:09:16 UTC
fixed in *xen-tools-4.3.1-r5 (13 Feb 2014) *xen-tools-4.2.2-r7 (13 Feb 2014) see bug #500530 Fixed as part of Bug 500530. Adding to existing GLSA. This issue was resolved and addressed in GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml by GLSA coordinator Mikle Kolyada (Zlogene). CVE-2014-1950 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1950): Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors. |
