CVE-2014-8131

2015-01-0615:59:04

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS

0.001

Percentile

48.2%

JSON

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

OSVersionArchitecturePackageVersionFilename
Debian12alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian11alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian999alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian13alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	11	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	999	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	13	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb