Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8131

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-8131
Last Modified 06 Jan 2015 01:57:12
Published 06 Jan 2015 10:59:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-8131

Summary

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

Vulnerable Systems

Application

  • Redhat Libvirt 1.2.10


References

CONFIRM - http://security.libvirt.org/2014/0008.html

SUSE - openSUSE-SU-2015:0008


Last Updated: 27 May 2016 11:07:26