Candidate: CVE-2013-4371
PublicDate: 2013-10-17 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4371
 http://lists.xen.org/archives/html/xen-announce/2013-10/msg00004.html
Description:
 Use-after-free vulnerability in the libxl_list_cpupool function in the
 libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory
 pressure," returns the original pointer when the realloc function fails,
 which allows local users to cause a denial of service (heap corruption and
 crash) and possibly execute arbitrary code via unspecified vectors.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, 4.2 and later
 mdeslaur> This is XSA-70
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_xen-3.3:
upstream_xen-3.3: ignored (reached end-of-life)
lucid_xen-3.3: not-affected (3.3.0-1ubuntu11)
precise_xen-3.3: DNE
quantal_xen-3.3: DNE
raring_xen-3.3: DNE
saucy_xen-3.3: DNE
devel_xen-3.3: DNE

Patches_xen:
 other: xsa69.patch
upstream_xen: needs-triage
lucid_xen: DNE
precise_xen: not-affected
quantal_xen: not-affected (4.1.3-3ubuntu1.7)
raring_xen: released (4.2.2-0ubuntu0.13.04.2)
saucy_xen: released (4.3.0-1ubuntu1.1)
devel_xen: released (4.3.0-1ubuntu2)