CVE-2014-3672
Published: 25 May 2016
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
Notes
Author | Note |
---|---|
mdeslaur | as of 2017-08-01, no equivalent fix in qemu tree. Unlikely to be fixed in qemu. As such, marking as ignored in qemu. the libvirt fix changes behaviour, we are not going to backport the new log location to trusty. |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
precise |
Ignored
(end of life)
|
|
trusty |
Ignored
|
|
upstream |
Released
(1.3.0)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(1.3.1-1ubuntu10)
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|
|
Patches: upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf |
||
qemu Launchpad, Ubuntu, Debian |
artful |
Ignored
|
precise |
Does not exist
|
|
trusty |
Ignored
|
|
upstream |
Needs triage
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
|
|
qemu-kvm Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
xen Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(code not compiled)
|
precise |
Released
(4.1.6.1-0ubuntu0.12.04.11)
|
|
trusty |
Released
(4.4.2-0ubuntu0.14.04.6)
|
|
upstream |
Needs triage
|
|
wily |
Not vulnerable
(code not compiled)
|
|
xenial |
Not vulnerable
(code not compiled)
|
|
yakkety |
Not vulnerable
(code not compiled)
|
|
zesty |
Not vulnerable
(code not compiled)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |