CVE-2014-8131
Published: 6 January 2015
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Released
(1.2.11)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(1.2.12-0ubuntu14.2)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57023c0a3af4af1c547189c1f6712ed5edeb0c0b upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cb104ef734dfea12cb8826dba7e2c98912c4b7e1 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=27431ec96e617f186bd3f5900aeb7d622770533a |