| Reported on: | 20200114 |
|---|---|
| Published on: | 20200114 |
| Fixed on: | 20191222 |
| Reported by: | Yi Li |
|---|---|
| Han Han | |
| Patched by: | Yi Li |
The implementation of the virStoragePoolLookupByTargetPath API crashed on network-based storage pools with missing target paths.
A read-only client can cause a denial of service attack against a privileged client by crashing libvirtd if such a pool is known to libvirtd.
The crash only happens on hosts with network-based storaged pools without a target path. Denying access to the readonly libvirt socket will avoid the potential for a denial of service attack, but will not prevent the out-of-bounds access from causing a crash for a privileged client, although such a crash is no longer a security problem.
| Branch | master |
|---|---|
| Broken in: | v4.1.0 |
| Broken in: | v4.2.0 |
| Broken in: | v4.3.0 |
| Broken in: | v4.4.0 |
| Broken in: | v4.5.0 |
| Broken in: | v4.6.0 |
| Broken in: | v4.7.0 |
| Broken in: | v4.8.0 |
| Broken in: | v4.9.0 |
| Broken in: | v4.10.0 |
| Broken in: | v5.0.0 |
| Broken in: | v5.1.0 |
| Broken in: | v5.2.0 |
| Broken in: | v5.3.0 |
| Broken in: | v5.4.0 |
| Broken in: | v5.5.0 |
| Broken in: | v5.6.0 |
| Broken in: | v5.7.0 |
| Broken in: | v5.8.0 |
| Broken in: | v5.9.0 |
| Broken in: | v5.10.0 |
| Fixed in: | v6.0.0 |
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Fixed by: | dfff16a7c261f8d28e3abe60a47165f845fa952f |
| Branch | v4.1-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.2-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.3-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.4-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.5-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.6-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.7-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.8-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.9-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v4.10-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v5.0-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v5.1-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v5.1.0-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v5.2-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |
| Branch | v5.3-maint |
|---|---|
| Broken by: | 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 |