When user doesn't have read access on one of the domains he requested, the for loop in qemuConnectGetAllDomainStats() could exit abruptly or continue and override pointer which pointed to locked object. With certain configuration, this can either cause a deadlock (it leaves a domain locked) or a segmentation fault when domain object has its reference counter decremented when it was not incremented. With certain configuration, a remote attacker able to establish a read-only connection to libvirtd could use this flaw to caus denial of service condition or crash libvirtd. Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d1bde8ed http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee Upstream patches: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
Statement: Not vulnerable. This issue does not affect the versions of libvirt packages as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1172571]
Upstream advisory: http://security.libvirt.org/2014/0008.html
libvirt-1.2.9.2-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.