[libvirt] [PATCH] CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
Eric Blake
eblake at redhat.com
Wed Dec 10 17:18:08 UTC 2014
On 12/10/2014 01:25 AM, Martin Kletzander wrote:
> When user doesn't have read access on one of the domains he requested,
> the for loop could exit abruptly or continue and override pointer which
> pointed to locked object.
>
> This patch fixed two issues at once. One is that domflags might have
> had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
> is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
> job was acquired and cleaning domflags on every start of the loop.
> Second one is that the domain is kept locked when
> virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
> it didn't end. Adding a simple virObjectUnlock() and clearing the
> pointer ought to do.
>
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
>
> Since this is very low priority and it was mistakenly disclosed in
> another patch there is no embargo on this CVE. Patches to maint
> branches will be pushed after back-porting (couple of minutes).
>
> Having said that, I am probably not the right one to write up the
> libvirt security notice, but I'll try drafting one, eventually.
I can help with the security notices, as we have several other CVEs that
will also be plugged in time for 1.2.11.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20141210/1aeb6624/attachment-0001.sig>
More information about the libvir-list
mailing list