When setting up the IRQ for a passed through physical device, a flaw in the error handling could result in a memory allocation being used after it is freed, and then freed a second time. Malicious guest administrators can trigger a use-after-free error, resulting in hypervisor memory corruption. Reference: http://www.openwall.com/lists/oss-security/2014/01/23/2 CVE assignment: http://www.openwall.com/lists/oss-security/2014/01/23/3 Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
Statement: Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. This issue did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 as we did not have support for Xen hypervisor.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1057142]