4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
The ocaml binding for the xc_vcpu_getaffinity function incorrectly frees a pointer before using it and subsequently freeing it again afterwards. The code therefore contains a use-after-free and double-free flaws.
An attacker may be able to cause a multithreaded toolstack written in ocaml and using this function to race against itself leading to heap corruption and a potential DoS.
Depending on the malloc implementation code execution cannot be ruled out.
The flaw is present in Xen 4.2 onwards.
Systems using an ocaml based toolstack (e.g. xapi) are vulnerable.