FreeBSD : xen-kernel -- use after free in FIFO event channel code (4bf57137-ba4d-11e6-ae1b-002590263bf5)
High Nessus Plugin ID 95503
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Xen Project reports :
When the EVTCHNOP_init_control operation is called with a bad guest frame number, it takes an error path which frees a control structure without also clearing the corresponding pointer. Certain subsequent operations (EVTCHNOP_expand_array or another EVTCHNOP_init_control), upon finding the non-NULL pointer, continue operation assuming it points to allocated memory.
A malicious guest administrator can crash the host, leading to a DoS.
Arbitrary code execution (and therefore privilege escalation), and information leaks, cannot be excluded.
SolutionUpdate the affected package.