CVE-2014-8136

Published: 19/12/2014 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.
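
The lock-leak pattern the summary describes, reduced to a self-contained C illustration. This is an added example, not libvirt code: `struct domain`, `dom_trylock`, `acl_allows` and both `migrate_*` functions are hypothetical, and a non-blocking lock stands in for the real blocking one so the stuck state shows up as a return code instead of a hang.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a domain object guarded by a lock. */
struct domain { bool locked; bool migrated; };

/* Non-blocking lock so the leak is observable without hanging. */
static bool dom_trylock(struct domain *d) {
    if (d->locked) return false;
    d->locked = true;
    return true;
}
static void dom_unlock(struct domain *d) { d->locked = false; }

/* Constructed ACL for the example: only uid 0 may migrate. */
static bool acl_allows(int uid) { return uid == 0; }

/* Flawed pattern: the ACL failure path returns while the lock is held. */
int migrate_flawed(struct domain *d, int uid) {
    if (!dom_trylock(d)) return -2;   /* busy: a blocking lock would wait forever */
    if (!acl_allows(uid)) return -1;  /* BUG: lock is never released */
    d->migrated = true;
    dom_unlock(d);
    return 0;
}

/* Corrected pattern: every exit taken after locking passes through cleanup. */
int migrate_fixed(struct domain *d, int uid) {
    int ret = -1;
    if (!dom_trylock(d)) return -2;
    if (!acl_allows(uid)) goto cleanup;
    d->migrated = true;
    ret = 0;
cleanup:
    dom_unlock(d);
    return ret;
}

/* One call by `uid`, then a call by uid 0; returns the second call's result. */
int denied_then_admin(int (*op)(struct domain *, int), int uid) {
    struct domain d = { false, false };
    (void)op(&d, uid);
    return op(&d, 0);
}

int main(void) {
    printf("flawed: %d\n", denied_then_admin(migrate_flawed, 1000));
    printf("fixed:  %d\n", denied_then_admin(migrate_fixed, 1000));
    return 0;
}
```

A return of -2 from the second call means the authorized caller found the domain still locked by the earlier denied request.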

Vulnerable Product

mageia mageia 4.0

redhat libvirt -

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

opensuse opensuse 13.1

opensuse opensuse 13.2

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux hpc node 7.0

Vendor Advisories

Several security issues were fixed in libvirt ...
Debian Bug report logs - #773858 CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Guido Günther <agx@sigxcpu.org> Date: Wed, 24 Dec 2014 08:39:17 UTC Severit ...
Debian Bug report logs - #773856 CVE-2014-8136 deadlock on failed migration Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Guido Günther <agx@sigxcpu.org> Date: Wed, 24 Dec 2014 08:39:07 UTC Severity: important Tags: fixe ...
Debian Bug report logs - #773855 CVE-2014-8135 crash when using virStorageVolUpload Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Guido Günther <agx@sigxcpu.org> Date: Wed, 24 Dec 2014 08:39:02 UTC Severity: grave Tags: ...
It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service ...