CVE-2014-8135
Published: 19 December 2014
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(code not present)
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Released
(1.2.9-7,1.2.11)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(1.2.12-0ubuntu14.2)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=05ba8c50b15f7078ba7981f550fc59c3dc74c469 |