[kernel-xen] Xen Security Advisory 69 (CVE-2013-4370) - misplaced free in ocaml xc_vcpu_getaffinity stub
netwiz at crc.id.au
Fri Oct 11 02:44:57 EST 2013
Xen Security Advisory CVE-2013-4370 / XSA-69
misplaced free in ocaml xc_vcpu_getaffinity stub
UPDATES IN VERSION 2
The ocaml binding for the xc_vcpu_getaffinity function incorrectly
frees a pointer before using it and subsequently frees it again
afterwards. The code therefore contains a use-after-free and
An attacker may be able to cause a multithreaded toolstack written in
ocaml and using this function to race against itself leading to heap
corruption and a potential DoS.
Depending on the malloc implementation code execution cannot be ruled
The flaw is present in Xen 4.2 onwards.
Systems using an ocaml based toolstack (e.g. xapi) are vulnerable.
Not calling the vcpu_getaffinity function will avoid this issue.
Not allowing untrusted users access to toolstack functionality will
avoid this issue.
This issue was discovered by Coverity Scan and Matthew Daley.
Fixed in xen-4.2.3-4
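An added illustration of the ordering bug the advisory describes, not the Xen stub itself and not code from the advisory: a constructed `copy_affinity` routine runs once with the free in the right place and once with it misplaced, while a hypothetical tracking wrapper (`struct tracked`, `tracked_free`, `tracked_read`) counts the resulting use-after-free and double-free events instead of performing them. All names and the `0x05` sample bitmap are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Xen's stub: misuse is counted, never performed. */
struct tracked { unsigned char *mem; size_t len; int freed; };
static int violations;               /* use-after-free + double-free events */

static void tracked_free(struct tracked *t) {
    if (t->freed) { violations++; return; }      /* second free of same pointer */
    t->freed = 1;                                /* real free() is deferred */
}

static unsigned char tracked_read(const struct tracked *t, size_t i) {
    /* read after free, or index outside the buffer */
    if (t->freed || i >= t->len) { violations++; return 0; }
    return t->mem[i];
}

/* Copies ncpus affinity bits into out[]; returns violations seen, -1 on OOM.
 * misplaced_free=1 reproduces the ordering described in the advisory. */
static int copy_affinity(int ncpus, int misplaced_free, unsigned char *out) {
    struct tracked map = { NULL, (size_t)(ncpus + 7) / 8, 0 };
    map.mem = malloc(map.len);
    if (!map.mem) return -1;
    violations = 0;
    memset(map.mem, 0x05, map.len);   /* constructed stand-in for the query result */
    if (misplaced_free)
        tracked_free(&map);           /* bug: released before the loop reads it */
    for (int i = 0; i < ncpus; i++)
        out[i] = (tracked_read(&map, (size_t)i / 8) >> (i % 8)) & 1;
    tracked_free(&map);               /* the one free that should exist */
    free(map.mem);                    /* actual release, exactly once */
    return violations;
}

int main(void) {
    unsigned char out[8];
    printf("correct order:  %d violations\n", copy_affinity(8, 0, out));
    printf("misplaced free: %d violations\n", copy_affinity(8, 1, out));
    return 0;
}
```

With the free misplaced, every read in the loop touches released memory and the final free is a second free of the same pointer; in a multithreaded process another thread's allocation can claim that memory in between.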