oss-sec mailing list archives

Re: Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure

From: cve-assign () mitre org
Date: Wed, 12 Feb 2014 10:58:14 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If xc_cpumap_alloc() fails then xc_cpupool_getinfo() will free and incorrectly
return the then-free pointer to the result structure.

An attacker may be able to cause a multi-threaded toolstack using this
function to race against itself


Use CVE-2014-1950.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS+5jAAAoJEKllVAevmvmsbXIIALonk+ClfcttLGQ7UI8kv4tu
sTWSC9f/XEpL5/73sufoYnl3UIZQeVeHaJQjccgTbZpkvhoREPdrTrjR/CHpfC0K
jIJm5r69eAaCrasqpCP89yYjk3MUj6wKyKGh62NGv+G28ccW1JtcEp63FVKHSVgC
nTOq5UMxYDu8MXmjmPUIqC/vSNdBiLm/01tiyuc6OBHTYp+GKIAnFhDt5iarvCO6
eD1z8uNew62u5Gi6WlPl6WWZhylLyWqmnv9Yu78jGye6/FnRrg33fs3U1Vtfhwt8
8crA6xwqEUoxNr8mmUjxyk57WPRigWL7etr8ZlDi9XbXY03JvFT/Iwxnixno2Lc=
=8vt+
-----END PGP SIGNATURE-----

Current thread:

Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure Xen . org security team (Feb 12)
- Re: Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure cve-assign (Feb 12)