CVE-2013-6458

Name: CVE-2013-6458
Description: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
Source: CVE (at NVD)
References: DSA-2846-1
NVD severity: medium (attack range: remote)
Debian Bugs: 734556

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                     Version              Status
libvirt (PTS)    wheezy                      0.9.12.3-1+deb7u1    fixed
                 wheezy (security)           0.9.12.3-1+deb7u2    fixed
                 jessie (security), jessie   1.2.9-9+deb8u3       fixed
                 stretch                     2.4.0-1              fixed
                 sid                         2.4.0-3              fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency       Origin        Debian Bugs
libvirt   source   (unstable)   1.2.1-1         medium                      734556
libvirt   source   squeeze      (unfixed)       end-of-life
libvirt   source   wheezy       0.9.12.3-1      medium        DSA-2846-1

Notes

[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
