Libvirt Security Notice Index > 2013 > LSN-2013-0007 [xml] [text]

Libvirt Security Notice: LSN-2013-0007

Crash listing inactive domains in Xen driver

Lifecycle

Reported on: 20130805
Published on: 20130805
Fixed on: 20130805

Credits

Reported by: Jim Fehlig
Patched by: Jim Fehlig

See also

Description

The legacy Xen driver code for listing inactive domains would start populating an array at index -1. This causes memory corruption leading to a crash of libvirtd

Impact

An unprivileged user can crash libvirtd by requesting a list of inactive domains on a Xen host

Workaround

Prevent untrusted users from accessing libvirtd

Affected product: libvirt

Branch: master

Broken in:
v1.1.1
Fixed in:
v1.1.2
Broken by:
632180d14f4a4934436ee4c9ebd8f6b8feed671f
Fixed by:
0e671a1646df543eab683b38f6644f70d12fbee1

Branch: v1.1.1-maint

Broken in:
Fixed in:
Broken by:
632180d14f4a4934436ee4c9ebd8f6b8feed671f
Fixed by:
673ff0d7ea937b104c67161843949e83b8080c3b

Alternative formats: [xml] [text]