Libvirt Security Notice: LSN-2014-0008
======================================

Summary: deadlock or segfault in virConnectGetAllDomainStats
Reported on: 20141127
Published on: 20141205
Fixed on: 20141211
Reported by: Martin Kletzander
Patched by: Martin Kletzander, Francesco Romani
See also: CVE-2014-8131

Description
-----------

When using fine-grained ACLs to restrict users from accessing all
domains, a logic bug in the qemu implementation of
virConnectGetAllDomainStats could result in incorrect lock management
of the next domain inspected after a domain that was skipped due to
ACL restrictions.

Impact
------

A restricted client can trigger a denial of service against a more
privileged user when libvirtd goes into deadlock when trying to lock
an incorrectly locked domain, or crashes when trying to unlock a
domain that was not locked.

Workaround
----------

Stop use of the fine grained access control mechanism, or stop trying
to use access control to restrict the set of domains that an
authorized client can see.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 57023c0a3af4af1c547189c1f6712ed5edeb0c0b
Fixed by: cb104ef734dfea12cb8826dba7e2c98912c4b7e1

Branch: v1.2.8-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 27431ec96e617f186bd3f5900aeb7d622770533a

Branch: v1.2.9-maint
Broken in: v1.2.9.1
Fixed in: v1.2.9.2
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 5d8bee6d57cddf462912ad2fc544c8a57b1c2841
Fixed by: dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b

Branch: v1.2.10-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: a20e818cb3f46d2dce586327dcc49ffcd82d94cb
Fixed by: a9638ae975a1c784d958e3fb2f0aab36b3ebddeb
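
Triage check
------------

A host is exposed only when it runs a release this notice lists as broken and the fine-grained access control mechanism is in use. The check below is an added example, not part of the original notice or of libvirt; it assumes ACLs are enabled through the `access_drivers` key in libvirtd.conf (a key the notice does not name), and its function names and sample configuration are constructed for illustration.

```python
import re

# Release data copied from the "Affected product" section of this notice.
BROKEN = {(1, 2, 8), (1, 2, 9), (1, 2, 10), (1, 2, 9, 1)}
FIXED_MASTER = (1, 2, 11)                  # "Fixed in: v1.2.11"
FIXED_MAINT = {(1, 2, 9): (1, 2, 9, 2)}    # "Fixed in: v1.2.9.2"

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
# libvirtd.conf excerpt
access_drivers = [ "polkit" ]   # fine-grained ACLs switched on
"""


def parse_version(text):
    """Turn 'v1.2.9.1' or '1.2.9' into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){2,3})", text.strip())
    if not m:
        # Distro strings such as '1.2.8-16' may carry backports: check by hand.
        raise ValueError(f"unrecognised upstream version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def release_status(text):
    """Return 'affected', 'fixed' or 'unlisted' for an upstream release."""
    v = parse_version(text)
    if v in BROKEN:
        return "affected"
    if v[:3] >= FIXED_MASTER:
        return "fixed"
    maint_fix = FIXED_MAINT.get(v[:3])
    if maint_fix and v >= maint_fix:
        return "fixed"
    return "unlisted"  # the notice gives no release status for this version


def acl_enabled(conf_text):
    """True if the config sets a non-empty, single-line access_drivers list."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        m = re.match(r"\s*access_drivers\s*=\s*\[(.*)\]", line)
        if m:
            return bool(re.search(r'"[^"]+"', m.group(1)))
    return False


def exposed(version, conf_text):
    """Affected release AND the ACL feature in use: the notice's precondition."""
    return release_status(version) == "affected" and acl_enabled(conf_text)
```

An "unlisted" result covers maintenance releases such as the v1.2.8-maint and v1.2.10-maint branches, for which the notice gives fix commits but no release tags; confirm those against the listed commits.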