[xen/f19] Out-of-memory condition yielding memory corruption during IRQ setup
myoung
myoung at fedoraproject.org
Thu Jan 23 23:50:55 UTC 2014
commit 054ad39b32ad09acc0c2b78a7710fbb498e389cd
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Thu Jan 23 23:51:04 2014 +0000
Out-of-memory condition yielding memory corruption during IRQ setup
xen.spec | 8 +++++++-
xsa83.patch | 20 ++++++++++++++++++++
2 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/xen.spec b/xen.spec
index d3d70a4..2b4853c 100644
--- a/xen.spec
+++ b/xen.spec
@@ -27,7 +27,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.2.3
-Release: 12%{?dist}
+Release: 13%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -97,6 +97,7 @@ Patch119: xsa74-4.1-4.2.patch
Patch120: xsa76.patch
Patch121: xsa82.patch
Patch122: xsa80.patch
+Patch123: xsa83.patch
Patch100: xen-configure-xend.patch
@@ -284,6 +285,7 @@ manage Xen virtual machines.
%patch120 -p1
%patch121 -p1
%patch122 -p1
+%patch123 -p1
%patch100 -p1
@@ -777,6 +779,10 @@ rm -rf %{buildroot}
%endif
%changelog
+* Thu Jan 23 2014 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-13
+- Out-of-memory condition yielding memory corruption during IRQ setup
+ [XSA-83, CVE-2014-1642] (#1057142)
+
* Wed Dec 11 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-12
- IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400]
(#1040024)
diff --git a/xsa83.patch b/xsa83.patch
new file mode 100644
index 0000000..209c38b
--- /dev/null
+++ b/xsa83.patch
@@ -0,0 +1,20 @@
+x86/irq: avoid use-after-free on error path in pirq_guest_bind()
+
+This is XSA-83.
+
+Coverity-ID: 1146952
+Signed-off-by: Andrew Cooper <andrew.cooper3 at citrix.com>
+Reviewed-by: Jan Beulich <jbeulich at suse.com>
+
+--- a/xen/arch/x86/irq.c
++++ b/xen/arch/x86/irq.c
+@@ -1590,8 +1590,7 @@ int pirq_guest_bind(struct vcpu *v, stru
+ printk(XENLOG_G_INFO
+ "Cannot bind IRQ%d to dom%d. Out of memory.\n",
+ pirq->pirq, v->domain->domain_id);
+- rc = -ENOMEM;
+- goto out;
++ return -ENOMEM;
+ }
+
+ action = newaction;
More information about the scm-commits
mailing list