Published: 06/01/2015 Updated: 06/01/2015

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The qemu implementation of virConnectGetAllDomainStats in libvirt prior to 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt

Debian Bug report logs - #773856 CVE-2014-8136 deadlock on failed migration Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Wed, 24 Dec 2014 08:39:07 UTC Severity: important Tags: fixe ...

Debian Bug report logs - #773855 CVE-2014-8135 crash when using virStorageVolUpload Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Wed, 24 Dec 2014 08:39:02 UTC Severity: grave Tags: ...

Debian Bug report logs - #773858 CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Guido Günther <agx@sigxcpuorg> Date: Wed, 24 Dec 2014 08:39:17 UTC Severit ...

CWE-264 http://security.libvirt.org/2014/0008.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773856

CVE-2014-8131

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect