[libvirt] CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune' on inactive domain

Eric Blake eblake at redhat.com
Tue Dec 24 13:24:17 UTC 2013


On 12/23/2013 11:02 PM, Eric Blake wrote:
> On 12/20/2013 11:36 AM, Jim Fehlig wrote:
>> Dario Faggioli wrote:
>>> by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
>>> possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
>>> happens, without having initialized the nodemap, and hence crashing after some
>>> invalid free()-s:
>>>   
>>
>> Yikes!  ACK to the fix.  I've pushed it.
> 
> This has been assigned CVE-6457; we'll get it tagged in libvirt.git and
> make sure it is backported to relevant branches once I've got more time
> (may be in 2014).

Typo, I meant CVE-2013-6457

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20131224/e00f1e32/attachment-0001.sig>


More information about the libvir-list mailing list