Vulnerability in Redhat Libvirt

CVE-2013-6458

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows…

Vulnerability class: Race Condition

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

Affected products

Redhat Libvirt — versions 0.0.1, 0.0.2, 0.0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

USN-2093-1 (x_refsource_UBUNTU, vendor-advisory)
56446 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2846 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
60895 (x_refsource_SECUNIA, third-party-advisory)
GLSA-201412-04 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2014:0268 (vendor-advisory, x_refsource_SUSE)
RHSA-2014:0103 (x_refsource_REDHAT, vendor-advisory)
56186 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)