defer event channel bucket pointer store until after XSM checks
author Jan Beulich <jbeulich@suse.com>
Fri, 5 Apr 2013 07:59:03 +0000 (09:59 +0200)
committer Jan Beulich <jbeulich@suse.com>
Fri, 5 Apr 2013 07:59:03 +0000 (09:59 +0200)
commit 99b9ab0b3e7f0e7e5786116773cb7b746f3fab87
tree d82851af78da9d81e9e2e26b47ea99779c4b8af0
parent cfc515dabe91e3d6c690c68c6a669d6d77fb7ac4
defer event channel bucket pointer store until after XSM checks

Otherwise a dangling pointer can be left, which would cause subsequent
memory corruption as soon as the space got re-allocated for some other
purpose.

This is CVE-2013-1920 / XSA-47.

Reported-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
xen/common/event_channel.c
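
The ordering problem the commit message describes, as an added example: a simplified model written for this page, not code from Xen or from the commit. All names (pool_alloc, sec_alloc, grow_bucket, has_dangling_bucket), the one-slot allocator and the bucket size are assumptions made for illustration; sec_alloc stands in for a per-channel security check that can fail.

```c
#include <stdio.h>
#include <string.h>
#define PER_BUCKET 4                     /* constructed size, not Xen's */
struct chan { int state; void *ssid; };
struct domain { struct chan *bucket; };  /* one bucket slot, for brevity */

/* One-slot toy allocator: "freed" memory stays inspectable without UB. */
static struct chan pool[PER_BUCKET];
static int pool_in_use;
static struct chan *pool_alloc(void) {
    if (pool_in_use) return NULL;
    pool_in_use = 1;
    return memset(pool, 0, sizeof pool);
}
static void pool_free(struct chan *p) { if (p == pool) pool_in_use = 0; }

/* Hypothetical stand-in for a per-channel security hook that can fail. */
static int fail_at = -1;
static int sec_alloc(struct chan *c, int idx) {
    if (idx == fail_at) return -1;
    c->ssid = c;              /* non-NULL marker for "label attached" */
    return 0;
}

/* store_early=1: pointer published before the checks; 0: deferred. */
static int grow_bucket(struct domain *d, int store_early) {
    struct chan *chn = pool_alloc();
    if (!chn) return -1;
    if (store_early) d->bucket = chn;
    for (int i = 0; i < PER_BUCKET; i++)
        if (sec_alloc(&chn[i], i)) {
            pool_free(chn);   /* error path releases the bucket ... */
            return -1;        /* ... so an early store now dangles */
        }
    d->bucket = chn;          /* reached only when every check passed */
    return 0;
}

/* 1 if the domain references memory the allocator considers free. */
static int has_dangling_bucket(const struct domain *d) {
    return d->bucket != NULL && !pool_in_use;
}

int main(void) {
    struct domain early = {0}, deferred = {0};
    fail_at = 2;              /* constructed failure on the third channel */
    grow_bucket(&early, 1); grow_bucket(&deferred, 0);
    printf("early=%d deferred=%d\n", has_dangling_bucket(&early), has_dangling_bucket(&deferred));
}
```

With the early store, the failed call leaves the domain pointing at released memory, and the next successful allocation hands the same memory to a second owner; with the deferred store the slot stays NULL on failure.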