[Libvirt-announce] LSN-2014-0009: CVE-2014-8135 crash when using virStorageVolUpload

Eric Blake eblake at redhat.com
Tue Dec 23 20:53:35 UTC 2014

        Libvirt Security Notice: LSN-2014-0009

       Summary: crash when using virStorageVolUpload
   Reported on: 20141202
  Published on: 20141203
      Fixed on: 20141203
   Reported by: Pei Zhang <pzhang at redhat.com>
    Patched by: Luyao Huang <lhuang at redhat.com>
      See also: CVE-2014-8135


Incorrect parameter validation of the virStorageVolUpload command
could cause libvirtd to attempt to dereference NULL.


When using fine-grained ACLs, a user that is permitted to modify
storage volumes but not create arbitrary domains can use bogus
parameters to cause a denial of service attack against more
privileged users.


Passing valid parameters to virStorageVolUpload will not trigger a
problem. It is also possible to prevent the denial of service by
stopping the use of the fine grained access control mechanism, or by
not granting users the storage_vol:data_write permission if they do
not also have the domain:write permission; doing this will not
prevent the crash for invalid parameters, but such a crash is no
longer a security attack.

Affected product

        Name: libvirt
  Repository: git://libvirt.org/git/libvirt.git

      Branch: master
   Broken in: v1.2.8
   Broken in: v1.2.9
   Broken in: v1.2.10
    Fixed in: v1.2.11
   Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
    Fixed by: 87b9437f8951f9d24f9a85c6bbfff0e54df8c984

      Branch: v1.2.8-maint
   Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
    Fixed by: 05ba8c50b15f7078ba7981f550fc59c3dc74c469

      Branch: v1.2.9-maint
   Broken in: v1.2.9.1
   Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
    Fixed by: 584e876ba2057b472074dbf177d2397392d70363

      Branch: v1.2.10-maint
   Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
    Fixed by: c89df3695b397d155ca15ac174c983ae9a77387e

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

More information about the Libvirt-announce mailing list