Libvirt Security Notice: LSN-2011-0003

Security manager does not disable disk probing


Reported on: 20110526
Published on: 20110531
Fixed on: 20110531


Reported by: Eric Blake
Patched by: Eric Blake

See also


The flag controlling whether the security manager disabled disk probing was being overwritten due to miscalculation in the size of a structure. This meant that the security driver may mistakenly probe disk formats when setting up guest labelling and thus allow access to inappropriate host files.


A malicious guest disk image could trick the security driver into providing access to inappropriate host files


Do not use raw disk images

Affected product: libvirt

Branch master
Broken in: v0.8.8
Broken in: v0.9.0
Broken in: v0.9.1
Fixed in: v0.9.2
Broken by: d6623003c6551be07d42a72ce976ab8b0986ec15
Fixed by: b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2

Alternative formats: [xml] [text]