diff options
author | Jan Beulich <jbeulich@suse.com> | 2013-04-05 09:59:03 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-04-05 09:59:03 +0200 |
commit | 99b9ab0b3e7f0e7e5786116773cb7b746f3fab87 (patch) | |
tree | d82851af78da9d81e9e2e26b47ea99779c4b8af0 /tools/python | |
parent | cfc515dabe91e3d6c690c68c6a669d6d77fb7ac4 (diff) | |
download | xen-99b9ab0b3e7f0e7e5786116773cb7b746f3fab87.tar.gz xen-99b9ab0b3e7f0e7e5786116773cb7b746f3fab87.tar.bz2 xen-99b9ab0b3e7f0e7e5786116773cb7b746f3fab87.zip |
defer event channel bucket pointer store until after XSM checks
Otherwise a dangling pointer can be left, which would cause subsequent
memory corruption as soon as the space got re-allocated for some other
purpose.
This is CVE-2013-1920 / XSA-47.
Reported-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Diffstat (limited to 'tools/python')
0 files changed, 0 insertions, 0 deletions