CVE-2013-6457
Published: 24 January 2014
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
upstream |
Released
(1.2.1-1)
|
lucid |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Released
(1.1.1-0ubuntu8.5)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d5f89a6dd725baf8bca1f1e28f5b858bf0053a99 (1.1.1) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6457
- https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
- https://www.redhat.com/archives/libvir-list/2013-December/msg01176.html
- http://security.libvirt.org/2013/0019.html
- https://ubuntu.com/security/notices/USN-2093-1
- NVD
- Launchpad
- Debian