Bug 1042252 (CVE-2013-6436) - CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters
Summary: CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-6436
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1049136 1049137
Blocks: 1042300
TreeView+ depends on / blocked
 
Reported: 2013-12-12 21:31 UTC by Petr Matousek
Modified: 2023-05-12 01:13 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-12-12 21:36:23 UTC
Embargoed:

Attachments (Terms of Use)

Description Petr Matousek 2013-12-12 21:31:56 UTC 
The lxcDomainGetMemoryParameters method in the LXC driver did not check whether the guest being accessed was running or not. When shutoff there will be no virCgroupPtr instance associated with the guest. Reading memory tunables involves calling methods with the virCgroupPtr object as a parameter. This will lead to a crash accessing a NULL pointer.

A remote user able to issue commands to libvirt daemon could use this flaw to crash libvirtd.

Acknowledgements:

This issue was discovered by Martin Kletzander of Red Hat.
Comment 1 Petr Matousek 2013-12-12 21:36:23 UTC 
Statement:

Not vulnerable.

This issue did not affect the libvirt packages as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 3 Murray McAllister 2014-01-07 05:12:33 UTC 
This issue was fixed upstream. Refer to:

https://www.redhat.com/archives/libvir-list/2013-December/msg01161.html
https://www.redhat.com/archives/libvir-list/2013-December/msg01162.html
https://www.redhat.com/archives/libvir-list/2013-December/msg01163.html
Comment 4 Murray McAllister 2014-01-07 05:16:24 UTC 
Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1049136]
Note You need to log in before you can comment on or make changes to this bug.