Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:Maintenance:114
xen.openSUSE_Evergreen_11.4
CVE-2013-1920-xsa47.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2013-1920-xsa47.patch of Package xen.openSUSE_Evergreen_11.4
defer event channel bucket pointer store until after XSM checks Otherwise a dangling pointer can be left, which would cause subsequent memory corruption as soon as the space got re-allocated for some other purpose. This is CVE-2013-1920 / XSA-47. Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c @@ -104,7 +104,6 @@ static int get_free_port(struct domain * if ( unlikely(chn == NULL) ) return -ENOMEM; memset(chn, 0, EVTCHNS_PER_BUCKET * sizeof(*chn)); - bucket_from_port(d, port) = chn; for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) { @@ -117,6 +116,8 @@ static int get_free_port(struct domain * } } + bucket_from_port(d, port) = chn; + return port; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor