CVE-2013-6458
libvirt < 1.2.1 - Denial of Service via Race Condition in Disk Attachment Verification
Title source: llmDescription
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
References (11)
Core 11
Core References
Various Sources x_refsource_confirm
http://libvirt.org/news.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2093-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56446
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2846
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1043069
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60895
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201412-04.xml
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0103.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56186
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
Scores
EPSS
0.0059
EPSS Percentile
43.6%
Details
CWE
CWE-362
Status
published
Products (50)
redhat/libvirt
0.0.1
redhat/libvirt
0.0.2
redhat/libvirt
0.0.3
redhat/libvirt
0.0.4
redhat/libvirt
0.0.5
redhat/libvirt
0.0.6
redhat/libvirt
0.1.0
redhat/libvirt
0.1.1
redhat/libvirt
0.1.3
redhat/libvirt
0.1.4
... and 40 more
Published
Jan 24, 2014
Tracked Since
Feb 18, 2026