[libvirt] LSN-2014-0008: CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats

Eric Blake eblake at redhat.com
Tue Dec 23 20:53:32 UTC 2014 

        Libvirt Security Notice: LSN-2014-0008
        ======================================

       Summary: deadlock or segfault in virConnectGetAllDomainStats
   Reported on: 20141127
  Published on: 20141205
      Fixed on: 20141211
   Reported by: Martin Kletzander <mkletzan at redhat.com>
    Patched by: Martin Kletzander <mkletzan at redhat.com>,
                Francesco Romani <fromani at redhat.com>
      See also: CVE-2014-8131

Description
-----------

When using fine-grained ACLs to restrict users from accessing all
domains, a logic bug in the qemu implementation of
virConnectGetAllDomainStats could result in incorrect lock
management of the next domain inspected after a domain that was
skipped due to ACL restrictions.

Impact
------

A restricted client can trigger a denial of service against a more
privileged user when libvirtd goes into deadlock when trying to lock
an incorrectly locked domain, or crashes when trying to unlock a
domain that was not locked.

Workaround
----------

Stop use of the fine grained access control mechanism, or stop
trying to use access control to restrict the set of domains that an
authorized client can see.

Affected product
----------------

        Name: libvirt
  Repository: git://libvirt.org/git/libvirt.git
              http://libvirt.org/git/?p=libvirt.git

      Branch: master
   Broken in: v1.2.8
   Broken in: v1.2.9
   Broken in: v1.2.10
    Fixed in: v1.2.11
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: 57023c0a3af4af1c547189c1f6712ed5edeb0c0b
    Fixed by: cb104ef734dfea12cb8826dba7e2c98912c4b7e1

      Branch: v1.2.8-maint
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
    Fixed by: 27431ec96e617f186bd3f5900aeb7d622770533a

      Branch: v1.2.9-maint
   Broken in: v1.2.9.1
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: 5d8bee6d57cddf462912ad2fc544c8a57b1c2841
    Fixed by: dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b

      Branch: v1.2.10-maint
   Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
   Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
    Fixed by: a20e818cb3f46d2dce586327dcc49ffcd82d94cb
    Fixed by: a9638ae975a1c784d958e3fb2f0aab36b3ebddeb


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20141223/acf841fb/attachment-0001.sig>

More information about the libvir-list mailing list