Bug 1042252 – CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1042252 - (CVE-2013-6436) CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters

Summary:	CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters

Status:	CLOSED NOTABUG

Aliases:	CVE-2013-6436

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20131220,repor...
Keywords:	Security

Depends On:	1049136 1049137
Blocks:	1042300
	Show dependency tree / graph

Reported:	2013-12-12 16:31 EST by Petr Matousek
Modified:	2015-10-15 14:08 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-12-12 16:36:23 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Petr Matousek 2013-12-12 16:31:56 EST

The lxcDomainGetMemoryParameters method in the LXC driver did not check whether the guest being accessed was running or not. When shutoff there will be no virCgroupPtr instance associated with the guest. Reading memory tunables involves calling methods with the virCgroupPtr object as a parameter. This will lead to a crash accessing a NULL pointer.

A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd.

Acknowledgements:

This issue was discovered by Martin Kletzander of Red Hat.

Comment 1 Petr Matousek 2013-12-12 16:36:23 EST

Statement:

Not vulnerable.

This issue did not affect the libvirt packages as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 3 Murray McAllister 2014-01-07 00:12:33 EST

This issue was fixed upstream. Refer to:

https://www.redhat.com/archives/libvir-list/2013-December/msg01161.html
https://www.redhat.com/archives/libvir-list/2013-December/msg01162.html
https://www.redhat.com/archives/libvir-list/2013-December/msg01163.html

Comment 4 Murray McAllister 2014-01-07 00:16:24 EST

Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1049136]

Note You need to log in before you can comment on or make changes to this bug.