CVE-2013-6458

critical

Description

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1043069

http://www.ubuntu.com/usn/USN-2093-1

http://www.debian.org/security/2014/dsa-2846

http://security.gentoo.org/glsa/glsa-201412-04.xml

http://secunia.com/advisories/60895

http://secunia.com/advisories/56446

http://secunia.com/advisories/56186

http://rhn.redhat.com/errata/RHSA-2014-0103.html

http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html

http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html

http://libvirt.org/news.html

Details

Source: Mitre, NVD

Published: 2014-01-24

Updated: 2015-01-03

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical