CVE-2014-8136

2014-12-1915:59:10

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS

Percentile

5.1%

JSON

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

OSVersionArchitecturePackageVersionFilename
Debian12alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian11alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian999alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb
Debian13alllibvirt< 1.2.9-7libvirt_1.2.9-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	11	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	999	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb
Debian	13	all	libvirt	< 1.2.9-7	libvirt_1.2.9-7_all.deb