CVE-2014-8131

Published: 6 January 2015

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

Priority

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Released (1.2.11)
	utopic	Ignored (end of life)
	vivid	Not vulnerable (1.2.12-0ubuntu14.2)
	Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57023c0a3af4af1c547189c1f6712ed5edeb0c0b upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cb104ef734dfea12cb8826dba7e2c98912c4b7e1 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=27431ec96e617f186bd3f5900aeb7d622770533a

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-8131

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading