The locks page_alloc_lock and mm_rwlock are not always taken in
the same order. This raises the possibility of deadlock.
The incorrect order occurs only in the implementation of the
deprecated domctl hypercall XEN_DOMCTL_getmemlist.
A malicious guest administrator may be able to deny service to the
Patches available at http://lists.xen.org/archives/html/xen-announce/2013-11/msg00008.html, see the bottom of the page.
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly
4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same
order, which allows local guest administrators to cause a denial of service
update status here, the fix already in following versions
Please advise when ready for stabilization on those version.
Fixed as part of Bug 500530.
Adding to existing GLSA.
This issue was resolved and addressed in
GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).