CVE-2014-8131

Publication date 6 January 2015

Last updated 24 July 2024

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvirt	15.04 vivid	Not affected
	14.10 utopic	Ignored
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvirt	Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57023c0a3af4af1c547189c1f6712ed5edeb0c0b Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cb104ef734dfea12cb8826dba7e2c98912c4b7e1 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=27431ec96e617f186bd3f5900aeb7d622770533a

CVE-2014-8131

Status

Patch details

References

Other references