Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.5854
xsa188.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa188.patch of Package xen.5854
References: bsc#997731 CVE-2016-7154 XSA-188 evtchn-fifo: prevent use after free evtchn_fifo_init_control() calls evtchn_fifo_destroy() on an error path, leading to cleanup_event_array() which frees d->evtchn_fifo without also clearing the pointer. Otoh the bulk of evtchn_fifo_init_control() is dependent on d->evtchn_fifo being NULL. This is XSA-188 / CVE-2016-7154. Suggested-by: Mikhail V Gorobets <mikhail.v.gorobets@intel.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> --- a/xen/common/event_fifo.c +++ b/xen/common/event_fifo.c @@ -482,6 +482,7 @@ static void cleanup_event_array(struct d for ( i = 0; i < EVTCHN_FIFO_MAX_EVENT_ARRAY_PAGES; i++ ) unmap_guest_page(d->evtchn_fifo->event_array[i]); xfree(d->evtchn_fifo); + d->evtchn_fifo = NULL; } static void setup_ports(struct domain *d)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor