Libvirt Security Notice: LSN-2013-0010
======================================

Summary: Crash when querying domain memory stats
Reported on: 20130903
Published on: 20130918
Fixed on: 20130918
Reported by: Daniel Berrange
Patched by: Daniel Berrange
See also: CVE-2013-4296

Description
-----------

The code handling the virDomainMemoryStats API in the libvirtd
daemon dispatch did not correctly initialize variables to NULL.
Thus, if RPC parameter validation failed, it was possible for
libvirtd to access uninitialized memory during cleanup.

Impact
------

An unprivileged user can cause libvirtd to access uninitialized
memory by sending an intentionally invalid RPC request for domain
memory stats. This could lead to heap corruption in some cases.

Workaround
----------

Prevent untrusted users from connecting to the libvirtd daemon, or
block access to the virDomainMemoryStats API with the access
control framework.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v0.9.1
Broken in: v0.9.2
Broken in: v0.9.3
Broken in: v0.9.4
Broken in: v0.9.5
Broken in: v0.9.6
Broken in: v0.9.7
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Fixed in: v1.1.3
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: e7f400a110e2e3673b96518170bfea0855dd82c0

Branch: v0.9.6-maint
Broken in: v0.9.6.1
Broken in: v0.9.6.2
Broken in: v0.9.6.3
Broken in: v0.9.6.4
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a

Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
Broken in: v0.9.11.9
Broken in: v0.9.11.10
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a

Branch: v0.9.12-maint
Broken in: v0.9.12.1
Fixed in: v0.9.12.2
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 2f34eae93a09ac94297eaa91ad8f4b037b2c9e27

Branch: v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
Broken in: v0.10.2.5
Broken in: v0.10.2.6
Broken in: v0.10.2.7
Fixed in: v0.10.2.8
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 455de1215cc921efcd2b210f129f55c27445d623

Branch: v1.0.0-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a

Branch: v1.0.1-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a

Branch: v1.0.2-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 9579f4576c066bc20a8dd952b08657b326f71052

Branch: v1.0.3-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: a413bc2dda06f47c2ec90ec924dbceb9dd0bbf97

Branch: v1.0.4-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 95983486d9f882746e7e3c4ce621ecadd7466a40

Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Fixed in: v1.0.5.6
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 118d26dc1fd99e0d113af364638be3e9a32f706e

Branch: v1.0.6-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 6d1acf71955c0d02168217ad0a87ef8b779e0f89

Branch: v1.1.0-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 2bfbf7a18e48127efd9b3d2d0976db6dffc476ff

Branch: v1.1.1-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: f229972fd92374eed356c3ede74b886ebe77734e

Branch: v1.1.2-maint
Broken by: 158ba8730e44b7dd07a21ab90499996c5dec080a
Fixed by: 10d159fee27d007de42890626340c581cd12d788
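
Added example (not libvirt's code, and not part of the original notice): a
minimal C model of the defect class in the Description, a handler whose
cleanup label releases a pointer on every exit path, including the path taken
when parameter validation fails. All names (dispatch_memory_stats, release,
MAX_STATS, stale_slot) are hypothetical, and release() counts a pointer it
does not own instead of freeing it, so the pre-fix case can be run safely.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_STATS 8                    /* constructed limit for the parameter check */
static void *live;                     /* allocation currently owned by the handler */
static int bad_releases;               /* releases of pointers never allocated here */
static unsigned long long stale_slot;  /* constructed stand-in for leftover stack data */

/* Stand-in for free(): counts, rather than frees, a pointer it does not own. */
static void release(void *p)
{
    if (p != NULL && p != live) {
        bad_releases++;                /* real cleanup would pass this to free() */
        return;
    }
    free(p);                           /* NULL (a no-op) or the live allocation */
    live = NULL;
}

/* Hypothetical handler; `start` models stats on entry (NULL = fixed code). */
int dispatch_memory_stats(unsigned int nr_stats, void *start)
{
    unsigned long long *stats = start;
    int rv = -1;
    if (nr_stats == 0 || nr_stats > MAX_STATS)
        goto cleanup;                  /* rejected before stats is assigned */
    stats = calloc(nr_stats, sizeof(*stats));
    if (stats == NULL)
        goto cleanup;
    live = stats;
    rv = 0;                            /* stats would be filled and sent here */
cleanup:
    release(stats);                    /* runs on every path, rejected ones too */
    return rv;
}

int bad_releases_for(unsigned int nr_stats, void *start)
{
    bad_releases = 0;
    dispatch_memory_stats(nr_stats, start);
    return bad_releases;
}

int main(void)
{
    printf("fixed/invalid=%d prefix/invalid=%d prefix/valid=%d\n",
           bad_releases_for(1000, NULL), bad_releases_for(1000, &stale_slot),
           bad_releases_for(4, &stale_slot));
    return 0;
}
```

Only the rejected request combined with a non-NULL starting value produces a
bad release, which is why the defect does not show up with well-formed requests.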