Libvirt Security Notice: LSN-2013-0011

Invalid free when setting up NBD devices

Lifecycle

Reported on: 20130903
Published on: 20130903
Fixed on: 20130903

Credits

Reported by: Michal Privoznik
Patched by: Michal Privoznik

See also

Description

When setup of an NBD device for a container fails the libvirtd daemon could end up free'ing an uninitialized variable. If unlucky this would result in memory corruption or a crash

Impact

A user with the permission to start LXC guests could cause the libvirtd daemon to crash leading to a denial of service

Workaround

Do not configure LXC guests with the NBD backed disks or remove the permission for untrusted users to start LXC guests

Affected product: libvirt

Branch master
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Fixed in: v1.1.3
Broken by: 8aabd597b379db5ae1655e36dff4f10d5622830a
Fixed by: 2dba0323ff0cec31bdcea9dd3b2428af297401f2
Branch v1.0.6-maint
Broken by: 8aabd597b379db5ae1655e36dff4f10d5622830a
Fixed by: b5eab6a98430c742c5ad2a6d6eef5fc81d304d60
Branch v1.1.0-maint
Broken by: 8aabd597b379db5ae1655e36dff4f10d5622830a
Fixed by: b312b19149ab70c59ceb898a22adbef4c000e394
Branch v1.1.1-maint
Broken by: 8aabd597b379db5ae1655e36dff4f10d5622830a
Fixed by: 28ca8b386cfad3884712582197eeef6db9ed8b9a
Branch v1.1.2-maint
Broken by: 8aabd597b379db5ae1655e36dff4f10d5622830a
Fixed by: af8952e924921189180ee9f7dcbe6086071525f7

Alternative formats: [xml] [text]