CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

Type Values Removed Values Added
References () http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa - () http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa -
References () http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html - () http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html -
References () http://osvdb.org/101485 - () http://osvdb.org/101485 -
References () http://secunia.com/advisories/56245 - () http://secunia.com/advisories/56245 -
References () http://secunia.com/advisories/60895 - () http://secunia.com/advisories/60895 -
References () http://security.gentoo.org/glsa/glsa-201412-04.xml - () http://security.gentoo.org/glsa/glsa-201412-04.xml -
References () http://www.ubuntu.com/usn/USN-2093-1 - () http://www.ubuntu.com/usn/USN-2093-1 -
References () https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html - () https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html -

Information

Published : 2014-01-07 19:55

Updated : 2024-11-21 01:59


NVD link : CVE-2013-6436

Mitre link : CVE-2013-6436

CVE.ORG link : CVE-2013-6436


JSON object : View

Products Affected

redhat

  • libvirt
CWE
CWE-264

Permissions, Privileges, and Access Controls