| Reported on: | 20171221 |
|---|---|
| Published on: | 20171221 |
| Fixed on: | 20180118 |
| Reported by: | Peter Krempa |
|---|---|
| Daniel P. Berrangé | |
| Patched by: | Daniel P. Berrangé |
The libvirt code that reads data from the QEMU monitor will read data until encountering a newline, buffering all data in memory with no upper limit applied.
A malicious QEMU process can cause the libvirtd daemon to consume an arbitrary amount of memory by sending lots of data without any newline characters.
There is no practical workaround to prevent this happening, though to exploit it a user would have to first break out of the guest into QEMU
| Branch | master |
|---|---|
| Broken in: | v0.2.0 |
| Broken in: | v0.2.1 |
| Broken in: | v0.2.2 |
| Broken in: | v0.2.3 |
| Broken in: | v0.3.0 |
| Broken in: | v0.3.1 |
| Broken in: | v0.3.2 |
| Broken in: | v0.3.3 |
| Broken in: | v0.4.1 |
| Broken in: | v0.4.2 |
| Broken in: | v0.4.4 |
| Broken in: | v0.4.6 |
| Broken in: | v0.5.0 |
| Broken in: | v0.5.1 |
| Broken in: | v0.6.0 |
| Broken in: | v0.6.1 |
| Broken in: | v0.6.2 |
| Broken in: | v0.6.3 |
| Broken in: | v0.6.4 |
| Broken in: | v0.6.5 |
| Broken in: | v0.7.0 |
| Broken in: | v0.7.1 |
| Broken in: | v0.7.2 |
| Broken in: | v0.7.3 |
| Broken in: | v0.7.4 |
| Broken in: | v0.7.5 |
| Broken in: | v0.7.6 |
| Broken in: | v0.7.7 |
| Broken in: | v0.8.0 |
| Broken in: | v0.8.1 |
| Broken in: | v0.8.2 |
| Broken in: | v0.8.3 |
| Broken in: | v0.8.4 |
| Broken in: | v0.8.5 |
| Broken in: | v0.8.6 |
| Broken in: | v0.8.7 |
| Broken in: | v0.8.8 |
| Broken in: | v0.9.0 |
| Broken in: | v0.9.1 |
| Broken in: | v0.9.2 |
| Broken in: | v0.9.3 |
| Broken in: | v0.9.4 |
| Broken in: | v0.9.5 |
| Broken in: | v0.9.6 |
| Broken in: | v0.9.7 |
| Broken in: | v0.9.8 |
| Broken in: | v0.9.9 |
| Broken in: | v0.9.10 |
| Broken in: | v0.9.11 |
| Broken in: | v0.9.12 |
| Broken in: | v0.9.13 |
| Broken in: | v0.10.0 |
| Broken in: | v0.10.1 |
| Broken in: | v0.10.2 |
| Broken in: | v1.0.0 |
| Broken in: | v1.0.1 |
| Broken in: | v1.0.2 |
| Broken in: | v1.0.3 |
| Broken in: | v1.0.4 |
| Broken in: | v1.0.5 |
| Broken in: | v1.0.6 |
| Broken in: | v1.1.0 |
| Broken in: | v1.1.1 |
| Broken in: | v1.1.2 |
| Broken in: | v1.1.3 |
| Broken in: | v1.1.4 |
| Broken in: | v1.2.0 |
| Broken in: | v1.2.1 |
| Broken in: | v1.2.2 |
| Broken in: | v1.2.3 |
| Broken in: | v1.2.4 |
| Broken in: | v1.2.5 |
| Broken in: | v1.2.6 |
| Broken in: | v1.2.7 |
| Broken in: | v1.2.8 |
| Broken in: | v1.2.9 |
| Broken in: | v1.2.10 |
| Broken in: | v1.2.11 |
| Broken in: | v1.2.12 |
| Broken in: | v1.2.13 |
| Broken in: | v1.2.14 |
| Broken in: | v1.2.15 |
| Broken in: | v1.2.16 |
| Broken in: | v1.2.17 |
| Broken in: | v1.2.18 |
| Broken in: | v1.2.19 |
| Broken in: | v1.2.20 |
| Broken in: | v1.2.21 |
| Broken in: | v1.3.0 |
| Broken in: | v1.3.1 |
| Broken in: | v1.3.2 |
| Broken in: | v1.3.3 |
| Broken in: | v1.3.4 |
| Broken in: | v1.3.5 |
| Broken in: | v2.0.0 |
| Broken in: | v2.1.0 |
| Broken in: | v2.2.0 |
| Broken in: | v2.3.0 |
| Broken in: | v2.4.0 |
| Broken in: | v2.5.0 |
| Broken in: | v3.0.0 |
| Broken in: | v3.1.0 |
| Broken in: | v3.2.0 |
| Broken in: | v3.3.0 |
| Broken in: | v3.4.0 |
| Broken in: | v3.5.0 |
| Broken in: | v3.6.0 |
| Broken in: | v3.7.0 |
| Broken in: | v3.8.0 |
| Broken in: | v3.9.0 |
| Broken in: | v3.10.0 |
| Fixed in: | v4.0.0 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Fixed by: | bc251ea91bcfddd2622fce6bce701a438b2e7276 |
| Branch | v0.8.3-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v0.9.6-maint |
|---|---|
| Broken in: | v0.9.6.1 |
| Broken in: | v0.9.6.2 |
| Broken in: | v0.9.6.3 |
| Broken in: | v0.9.6.4 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v0.9.11-maint |
|---|---|
| Broken in: | v0.9.11.1 |
| Broken in: | v0.9.11.2 |
| Broken in: | v0.9.11.3 |
| Broken in: | v0.9.11.4 |
| Broken in: | v0.9.11.5 |
| Broken in: | v0.9.11.6 |
| Broken in: | v0.9.11.7 |
| Broken in: | v0.9.11.8 |
| Broken in: | v0.9.11.9 |
| Broken in: | v0.9.11.10 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v0.9.12-maint |
|---|---|
| Broken in: | v0.9.12.1 |
| Broken in: | v0.9.12.2 |
| Broken in: | v0.9.12.3 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v0.10.2-maint |
|---|---|
| Broken in: | v0.10.2.1 |
| Broken in: | v0.10.2.2 |
| Broken in: | v0.10.2.3 |
| Broken in: | v0.10.2.4 |
| Broken in: | v0.10.2.5 |
| Broken in: | v0.10.2.6 |
| Broken in: | v0.10.2.7 |
| Broken in: | v0.10.2.8 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.1-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.2-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.3-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.4-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.5-maint |
|---|---|
| Broken in: | v1.0.5.1 |
| Broken in: | v1.0.5.2 |
| Broken in: | v1.0.5.3 |
| Broken in: | v1.0.5.4 |
| Broken in: | v1.0.5.5 |
| Broken in: | v1.0.5.6 |
| Broken in: | v1.0.5.7 |
| Broken in: | v1.0.5.8 |
| Broken in: | v1.0.5.9 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.0.6-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.1.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.1.1-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.1.2-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.1.3-maint |
|---|---|
| Broken in: | v1.1.3.1 |
| Broken in: | v1.1.3.2 |
| Broken in: | v1.1.3.3 |
| Broken in: | v1.1.3.4 |
| Broken in: | v1.1.3.5 |
| Broken in: | v1.1.3.6 |
| Broken in: | v1.1.3.7 |
| Broken in: | v1.1.3.8 |
| Broken in: | v1.1.3.9 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.1.4-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.1-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.2-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.3-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.4-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.5-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.6-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.7-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.8-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.9-maint |
|---|---|
| Broken in: | v1.2.9.1 |
| Broken in: | v1.2.9.2 |
| Broken in: | v1.2.9.3 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.10-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.11-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.12-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.13-maint |
|---|---|
| Broken in: | v1.2.13.1 |
| Broken in: | v1.2.13.2 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.14-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.15-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.16-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.17-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.18-maint |
|---|---|
| Broken in: | v1.2.18.1 |
| Broken in: | v1.2.18.2 |
| Broken in: | v1.2.18.3 |
| Broken in: | v1.2.18.4 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.19-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.20-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.2.21-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.1-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.2-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.3-maint |
|---|---|
| Broken in: | v1.3.3.1 |
| Broken in: | v1.3.3.2 |
| Broken in: | v1.3.3.3 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.4-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v1.3.5-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v2.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v2.1-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v2.2-maint |
|---|---|
| Broken in: | v2.2.1 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v3.0-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v3.2-maint |
|---|---|
| Broken in: | v3.2.1 |
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |
| Branch | v3.7-maint |
|---|---|
| Broken by: | 23ad665cb05ef9ce7d298cc34bff5efb95ef6948 |