Libvirt Security Notice Index > 2017 > LSN-2017-0001 [xml] [text]

Libvirt Security Notice: LSN-2017-0001

libvirtd crashes in virConnectGetAllDomainStats with empty cdrom

Lifecycle

Reported on: 20170224
Published on: 20170224
Fixed on: 20170224

Credits

Reported by: Peter Krempa
Patched by: Peter Krempa

See also

Description

When calling the virConnectGetAllDomainStats API on a guest which has a CDROM drive with no media present, libvirtd will crash on a NULL pointer access

Impact

An application can cause a denial of service by crashing libvirtd if a guest has a CDROM drive with no media

Workaround

Avoid calling the virConnectGetAllDomainStats API, or ensure all CDROM drives have media inserted

Affected product: libvirt

Branch: master

Broken in:
v3.0.0
Fixed in:
v3.1.0
Broken by:
c5f6151390ff0a8e65014172bb8c0a8d312c3353
Fixed by:
c3de387380f6057ee0e46cd9f2f0a092e8070875

Branch: v3.0-maint

Broken in:
Fixed in:
Broken by:
c5f6151390ff0a8e65014172bb8c0a8d312c3353
Fixed by:

Alternative formats: [xml] [text]