Vulnerability in Fedoraproject Fedora

CVE-2013-6456

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) v…

EPSS: 0.002 (47.3th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject Fedora — versions 20
Redhat Libvirt — versions 1.0.1, 1.0.2, 1.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secalert@redhat.com (x_refsource_CONFIRM)
56187 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
60895 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201412-04 (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (x_refsource_CONFIRM)
openSUSE-SU-2014:0593 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
FEDORA-2014-2864 (x_refsource_FEDORA, vendor-advisory)
65743 (vdb-entry, x_refsource_BID)