Diffstat (limited to 'main/xen/xsa47-4.2-unstable.patch')
-rw-r--r-- | main/xen/xsa47-4.2-unstable.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/main/xen/xsa47-4.2-unstable.patch b/main/xen/xsa47-4.2-unstable.patch
deleted file mode 100644
index 7ebb8c8a31..0000000000
--- a/main/xen/xsa47-4.2-unstable.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-defer event channel bucket pointer store until after XSM checks
-
-Otherwise a dangling pointer can be left, which would cause subsequent
-memory corruption as soon as the space got re-allocated for some other
-purpose.
-
-This is CVE-2013-1920 / XSA-47.
-
-Reported-by: Wei Liu <wei.liu2@citrix.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Tim Deegan <tim@xen.org>
-
----- a/xen/common/event_channel.c
-+++ b/xen/common/event_channel.c
-@@ -140,7 +140,6 @@ static int get_free_port(struct domain *
- chn = xzalloc_array(struct evtchn, EVTCHNS_PER_BUCKET);
- if ( unlikely(chn == NULL) )
- return -ENOMEM;
-- bucket_from_port(d, port) = chn;
-
- for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ )
- {
-@@ -153,6 +152,8 @@ static int get_free_port(struct domain *
- }
- }
-
-+ bucket_from_port(d, port) = chn;
-+
- return port;
- }
- |