[kernel-xen] Xen Security Advisory 70 (CVE-2013-4371) - use-after-free in libxl_list_cpupool under memory pressure
netwiz at crc.id.au
Fri Oct 11 02:45:26 EST 2013
Xen Security Advisory CVE-2013-4371 / XSA-70
use-after-free in libxl_list_cpupool under memory pressure
UPDATES IN VERSION 2
If realloc(3) fails then libxl_list_cpupool will incorrectly return
the now-free original pointer.
An attacker may be able to cause a multithreaded toolstack using this
function to race against itself leading to heap corruption and a
Depending on the malloc implementation code execution cannot be ruled
The flaw is present in Xen 4.2 onwards.
Systems using the libxl toolstack library are vulnerable.
Not calling the libxl_list_cpupool function will avoid this issue.
Not allowing untrusted users access to toolstack functionality will
avoid this issue.
This issue was discovered by Coverity Scan and Matthew Daley.
Fixed in xen-4.2.3-4
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 901 bytes
Desc: OpenPGP digital signature
More information about the kernel-xen