LSN-2014-0008: CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



        Libvirt Security Notice: LSN-2014-0008
        ======================================

       Summary: deadlock or segfault in virConnectGetAllDomainStats
   Reported on: 20141127
  Published on: 20141205
      Fixed on: 20141211
   Reported by: Martin Kletzander <mkletzan@xxxxxxxxxx>
    Patched by: Martin Kletzander <mkletzan@xxxxxxxxxx>,
                Francesco Romani <fromani@xxxxxxxxxx>
      See also: CVE-2014-8131

Description
-----------

When using fine-grained ACLs to restrict users from accessing all
domains, a logic bug in the qemu implementation of
virConnectGetAllDomainStats could result in incorrect lock
management of the next domain inspected after a domain that was
skipped due to ACL restrictions.

Impact
------

A restricted client can trigger a denial of service against a more
privileged user when libvirtd goes into deadlock when trying to lock
an incorrectly locked domain, or crashes when trying to unlock a
domain that was not locked.

Workaround
----------

Stop use of the fine grained access control mechanism, or stop
trying to use access control to restrict the set of domains that an
authorized client can see.

Affected product
----------------

        Name: libvirt
  Repository: git://libvirt.org/git/libvirt.git
              http://libvirt.org/git/?p=libvirt.git

      Branch: master
   Broken in: v1.2.8
   Broken in: v1.2.9
   Broken in: v1.2.10
    Fixed in: v1.2.11
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: 57023c0a3af4af1c547189c1f6712ed5edeb0c0b
    Fixed by: cb104ef734dfea12cb8826dba7e2c98912c4b7e1

      Branch: v1.2.8-maint
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
    Fixed by: 27431ec96e617f186bd3f5900aeb7d622770533a

      Branch: v1.2.9-maint
   Broken in: v1.2.9.1
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: 5d8bee6d57cddf462912ad2fc544c8a57b1c2841
    Fixed by: dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b

      Branch: v1.2.10-maint
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: a20e818cb3f46d2dce586327dcc49ffcd82d94cb
    Fixed by: a9638ae975a1c784d958e3fb2f0aab36b3ebddeb


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]