xen/xen - xen

diff options

author	Jan Beulich <jbeulich@suse.com>	2013-04-05 10:02:05 +0200
committer	Jan Beulich <jbeulich@suse.com>	2013-04-05 10:02:05 +0200
commit	2bebeac00164b8fd6fdc98db74df943d927aab06 (patch)
tree	12852b041c0a4975063bafb63cf4caae16c7314b /tools/lib/sys_string.h
parent	70b67e907427c3c891d8b6b1ba656b2136e34418 (diff)
download	xen-2bebeac00164b8fd6fdc98db74df943d927aab06.tar.gz xen-2bebeac00164b8fd6fdc98db74df943d927aab06.tar.bz2 xen-2bebeac00164b8fd6fdc98db74df943d927aab06.zip

defer event channel bucket pointer store until after XSM checks

Otherwise a dangling pointer can be left, which would cause subsequent memory corruption as soon as the space got re-allocated for some other purpose. This is CVE-2013-1920 / XSA-47. Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> master commit: 99b9ab0b3e7f0e7e5786116773cb7b746f3fab87 master date: 2013-04-05 09:59:03 +0200

Diffstat (limited to 'tools/lib/sys_string.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: