Common Vulnerabilities and Exposures assigned an identifier CVE-2014-8136 to the following vulnerability: Name: CVE-2014-8136 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136 Assigned: 20141010 Reference: http://secunia.com/advisories/61111 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Upstream commit that addresses this: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d
Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1176179]
See also the upstream announcement: http://security.libvirt.org/2014/0010.html
libvirt-1.2.9.2-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
libvirt-1.1.3.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0323 https://rhn.redhat.com/errata/RHSA-2015-0323.html