Vulnerability in Redhat Libvirt

CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash)…

EPSS: 0.001 (33.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Libvirt — versions 0.0.1, 0.0.2, 0.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

USN-2093-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
60895 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201412-04 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2014:0268 (vendor-advisory, x_refsource_SUSE)
[libvirt] 20131220 [PATCH] libxl: avoid crashing if calling `virsh numatune' on inactive domain (mailing-list, x_refsource_MLIST)
[libvirt] 20131224 CVE-2013-6457 Re: [PATCH] libxl: avoid crashing if calling `virsh numatune' on inactive domain (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)