Libvirt Security Notice: LSN-2013-0003

Crash of libvirtd when listing host interfaces

Lifecycle

Credits

See also

• CVE-2013-2218

Description

When requesting a list of host network interfaces that is filtered to only inactive interfaces, there is a double free of data.

Impact

A readonly user can cause memory corruption and a crash of the libvirtd daemon by asking for a list of inactive network interfaces.

Workaround

Prevent untrusted users from accessing libvirtd

Affected product: libvirt

Alternative formats: [xml] [text]