Lucene search

[email protected]NVD:CVE-2014-8136

HistoryDec 19, 2014 - 3:59 p.m.

CVE-2014-8136

2014-12-1915:59:10

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

Affected configurations

NVD

Node

mageiamageiaMatch4.0

Node

redhatlibvirtMatch-

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

References

advisories.mageia.org/MGASA-2015-0002.html

libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae98f6f3898313d

lists.opensuse.org/opensuse-updates/2015-01/msg00003.html

lists.opensuse.org/opensuse-updates/2015-01/msg00005.html

rhn.redhat.com/errata/RHSA-2015-0323.html

secunia.com/advisories/61111

www.mandriva.com/security/advisories?name=MDVSA-2015:023

www.mandriva.com/security/advisories?name=MDVSA-2015:070

www.ubuntu.com/usn/USN-2867-1

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-8136

cve1 nessus13 mageia1 cvelist1 ubuntucve1 openvas8 debiancve1 securityvulns2 prion1 centos1 redhat1 fedora2 gentoo1 altlinux1 ubuntu1 oraclelinux1 osv15