When setting up the IRQ for a passed-through physical device, a flaw in the error handling could result in a memory allocation being used after it is freed, and then freed a second time.
Malicious guest administrators can trigger a use-after-free error, resulting in hypervisor memory corruption.
Reference:
http://www.openwall.com/lists/oss-security/2014/01/23/2
CVE assignment:
http://www.openwall.com/lists/oss-security/2014/01/23/3
Acknowledgements:
Red Hat would like to thank the Xen project for reporting this issue.
Statement:
Not vulnerable.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 as we did not have support for the Xen hypervisor.