Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8136

Опубликовано: 17 дек. 2014
Источник: redhat
CVSS2: 1.8
EPSS Низкий

Описание

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libvirtUnder investigation
Red Hat Enterprise Linux 6libvirtUnder investigation
Red Hat Storage 2.1libvirtWill not fix
Red Hat Enterprise Linux 7libvirtFixedRHSA-2015:032305.03.2015
Red Hat Gluster Storage 3.1 for RHEL 7libvirtFixedRHSA-2015:032305.03.2015
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7libvirtFixedRHSA-2015:032305.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1176176libvirt: local denial of service in qemu/qemu_driver.c

EPSS

Процентиль: 33%
0.00131
Низкий

1.8 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8136

ubuntu
больше 10 лет назад

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

nvd логотип

CVE-2014-8136

nvd
больше 10 лет назад

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

debian логотип

CVE-2014-8136

debian
больше 10 лет назад

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ...

github логотип

GHSA-24wj-qprw-6f7x

github
больше 3 лет назад

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

oracle-oval логотип

ELSA-2015-0323

oracle-oval
больше 10 лет назад

ELSA-2015-0323: libvirt security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 33%
0.00131
Низкий

1.8 Low

CVSS2