The OCaml binding for the xc_vcpu_getaffinity function incorrectly frees a pointer before using it and subsequently frees it again afterwards. The code therefore contains use-after-free and double-free flaws. An attacker may be able to cause a multithreaded toolstack written in OCaml and using this function to race against itself, leading to heap corruption and a potential DoS. Depending on the malloc implementation, code execution cannot be ruled out.
Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
Statement: Not vulnerable. This issue does not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5 as it does not provide support for the OCaml toolstack. This issue does not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
External References: http://xenbits.xen.org/xsa/advisory-69.html
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1017843]
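
The ordering described in this report (free, then read, then free again), modelled in C next to the corrected single free after last use. This is an added illustration, not the Xen source: `count_affinity`, `fake_getaffinity` and the tracking allocator are hypothetical names, and the allocator defers real frees so the misuse can be counted safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Tracking allocator (assumption for this demo): frees are recorded and
 * deferred, so misuse is counted instead of corrupting the real heap. */
#define MAX_TRACK 16
static void *freed[MAX_TRACK];
static int n_freed, double_frees, stale_reads;
static int is_freed(const void *p) {
    for (int i = 0; i < n_freed; i++) if (freed[i] == p) return 1;
    return 0;
}
static void tracked_free(void *p) {
    if (is_freed(p)) { double_frees++; return; }   /* second free of same block */
    if (n_freed < MAX_TRACK) freed[n_freed++] = p;
}
static unsigned char checked_read(const unsigned char *p, int i) {
    if (is_freed(p)) stale_reads++;                /* read after release */
    return p[i];                                   /* safe: real free is deferred */
}
static void tracker_reset(void) {                  /* really release, clear counters */
    while (n_freed > 0) free(freed[--n_freed]);
    double_frees = stale_reads = 0;
}
/* Hypothetical stand-in for the hypervisor call: CPUs 0 and 2 are set. */
static int fake_getaffinity(unsigned char *map, int nbytes) {
    memset(map, 0, nbytes); map[0] = 0x05; return 0;
}
/* fix_applied == 0 models the described ordering; 1 frees once, after last use. */
static int count_affinity(int ncpus, int fix_applied) {
    int nbytes = (ncpus + 7) / 8, set = 0;
    unsigned char *map = calloc(1, nbytes);
    if (!map) return -1;
    int rc = fake_getaffinity(map, nbytes);
    if (!fix_applied) tracked_free(map);           /* flaw: freed before it is read */
    if (rc < 0) { tracked_free(map); return -1; }
    for (int i = 0; i < ncpus; i++)
        if (checked_read(map, i / 8) & (1 << (i & 7))) set++;
    tracked_free(map);                             /* flawed path: second free */
    return set;
}
int main(void) {
    int n = count_affinity(8, 0);
    printf("flawed: cpus=%d stale_reads=%d double_frees=%d\n", n, stale_reads, double_frees);
    tracker_reset();
    n = count_affinity(8, 1);
    printf("fixed:  cpus=%d stale_reads=%d double_frees=%d\n", n, stale_reads, double_frees);
    return 0;
}
```

In a real build the same two conditions are what AddressSanitizer reports as heap-use-after-free and attempting double-free.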