Vulnerability in Mageia
CVE-2014-8136
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.
Affected products
- Mageia — versions 4.0
- Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
- Opensuse — versions 13.1, 13.2
- Redhat Enterprise_linux_desktop — versions 7.0
- Redhat Enterprise_linux_hpc_node — versions 7.0
- Redhat Enterprise_linux_server — versions 7.0
- Redhat Enterprise_linux_workstation — versions 7.0
- Redhat Libvirt
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM)
- MDVSA-2015:070 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- openSUSE-SU-2015:0006 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- 61111 (x_refsource_SECUNIA, third-party-advisory)
- openSUSE-SU-2015:0008 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- RHSA-2015:0323 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- MDVSA-2015:023 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- USN-2867-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)