HVM qemu unexpectedly enabling emulated VGA graphics backends

ISSUE DESCRIPTION When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these default...

misplaced free in ocaml xc_vcpu_getaffinity stub

ISSUE DESCRIPTION The ocaml binding for the xcvcpugetaffinity function incorrectly frees a pointer before using it and subsequently freeing it again afterwards. The code therefore contains a use-after-free and double-free flaws. IMPACT An attacker may be able to cause a multithreaded toolstack...