Bug 499054 (CVE-2014-1642) - <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: Double free in IRQ pass-through allocation (XSA-83) (CVE-2014-1642)
Summary: <app-emulation/xen-{4.2.3-r1,4.3.1-r5}: Double free in IRQ pass-through alloc...
Status: RESOLVED FIXED
Alias: CVE-2014-1642
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B1 [glsa]
Reported: 2014-01-23 15:28 UTC by Chris Reffett (RETIRED)
Modified: 2014-07-16 16:46 UTC

Description Chris Reffett (RETIRED) gentoo-dev Security 2014-01-23 15:28:01 UTC
From ${URL}:

ISSUE DESCRIPTION
=================

When setting up the IRQ for a passed through physical device, a flaw
in the error handling could result in a memory allocation being used
after it is freed, and then freed a second time.  This would typically
result in memory corruption.

IMPACT
======

Malicious guest administrators can trigger a use-after-free error, resulting
in hypervisor memory corruption.  The effects of memory corruption could be
anything, including a host-wide denial of service, or privilege escalation.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2014-01-23 15:30:50 UTC
Patch available at http://xenbits.xen.org/xsa/xsa83.patch
Comment 2 Yixun Lan gentoo-dev 2014-01-24 15:45:29 UTC
fixed, patch included in following versions

app-emulation/xen-4.2.2-r3
app-emulation/xen-4.3.1-r4
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2014-01-27 17:46:34 UTC
(In reply to Yixun Lan from comment #2)
> fixed, patch included in following versions
> 
> app-emulation/xen-4.2.2-r3
> app-emulation/xen-4.3.1-r4

ready for go stable?
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-01-27 18:28:48 UTC
CVE-2014-1642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642):
  The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and
  configured to support a large number of CPUs, frees certain memory that may
  still be intended for use, which allows local guest administrators to cause
  a denial of service (memory corruption and hypervisor crash) and possibly
  execute arbitrary code via vectors related to an out-of-memory error that
  triggers a (1) use-after-free or (2) double free.
Comment 5 Yixun Lan gentoo-dev 2014-02-13 09:37:21 UTC
(In reply to Mikle Kolyada from comment #3)
> ready for go stable?

I've requested a stable, see bug #500528, also bug #500530
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-05-21 03:30:26 UTC
Fixed as part of Bug 500530.

Adding to existing GLSA.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-07-16 16:46:37 UTC
This issue was resolved and addressed in
 GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).