Description of problem:
The Coverity checker spotted the following use-after-free in drivers/xen/xenbus/xenbus_xs.c:

<-- snip -->
...
static int process_msg(void)
{
...
	if (IS_ERR(msg->u.watch.vec)) {
		kfree(msg);
		err = PTR_ERR(msg->u.watch.vec);
...
<-- snip -->

Version-Release number of selected component (if applicable):
4.5

How reproducible:
Would need to exhaust system memory to generate an ENOMEM while performing xenstore access by xenbus driver

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
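The ordering problem in the snippet above, as an added userspace example (not the kernel source and not the patch that was committed): the error code is copied out of msg before msg is freed. The helper names, the cut-down struct and alloc_vec() are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
#define MAX_ERRNO 4095
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static long ptr_err(const void *p) { return (long)(intptr_t)p; }
static int is_err(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Constructed, cut-down message: only the field named in the report. */
struct xs_msg {
    union {
        struct { char **vec; } watch;
    } u;
};

/* Hypothetical allocator standing in for the step that can hit ENOMEM. */
static char **alloc_vec(int simulate_enomem)
{
    if (simulate_enomem)
        return err_ptr(-ENOMEM);
    return calloc(2, sizeof(char *));
}

/* Error path with the error code copied out of msg before msg is freed. */
int process_msg_safe(int simulate_enomem)
{
    int err = 0;
    struct xs_msg *msg = malloc(sizeof(*msg));

    if (!msg)
        return -ENOMEM;
    msg->u.watch.vec = alloc_vec(simulate_enomem);
    if (is_err(msg->u.watch.vec)) {
        err = (int)ptr_err(msg->u.watch.vec); /* read the field first ... */
        free(msg);                            /* ... then release msg */
        return err;
    }
    free(msg->u.watch.vec); /* success path: release both allocations */
    free(msg);
    return err;
}
```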
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
This request was previously evaluated by Red Hat Product Management for inclusion in the current Red Hat Enterprise Linux release, but Red Hat was unable to resolve it in time. This request will be reviewed for a future Red Hat Enterprise Linux release.
committed in stream U7 build 68.6. A test kernel with this patch is available from http://people.redhat.com/~jbaron/rhel4/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2008-0665.html