Libvirt Security Notice: LSN-2013-0005

Crash after querying vCPU count from guest agent

Lifecycle

Reported on: 20130716
Published on: 20130716
Fixed on: 20130716

Credits

Reported by: Peter Krempa
Patched by: Peter Krempa

See also

Description

When processing the response to a vCPU count query from the guest agent, a JSON object would be freed twice. This could result in a crash of the libvirtd daemon.

Impact

A user with permission to query the vCPU count could crash the libvirtd daemon, resulting in a denial of service.

Workaround

Prevent untrusted users from accessing libvirtd.

Affected product: libvirt

Branch master
Broken in: v1.1.0
Broken in: v1.1.1
Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786
Fixed by: dfc692350a04a70b4ca65667c30869b3bfdaf034

Branch v1.1.0-maint
Broken by: 3099c063e348fdc79a900f88bcfc5389dada7786
Fixed by: cafcec2f5b0c9ff1dc573d798933ae453a15fa29
