Bug 1427090 – CVE-2017-2635 libvirt: Null pointer dereference when updating storage size on empty drives

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1427090 - (CVE-2017-2635) CVE-2017-2635 libvirt: Null pointer dereference when updating storage size on empty drives

Summary:	CVE-2017-2635 libvirt: Null pointer dereference when updating storage size on...

Status:	CLOSED NOTABUG

Aliases:	CVE-2017-2635

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20170209,repor...
Keywords:	Security

Depends On:	1420718
Blocks:	1427095
	Show dependency tree / graph

Reported:	2017-02-27 05:56 EST by Adam Mariš
Modified:	2018-08-24 13:40 EDT (History)
CC List:	37 users (show)

See Also:
Fixed In Version:	libvirt 3.1.0
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer deference flaw was found in the way libvirt handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-03-29 06:37:41 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2017-02-27 05:56:13 EST

A NULL pointer dereference vulnerability was found in virStorageSourceUpdateBlockPhysicalSize when attempted to call on empty drives. Unprivileged local user can trigger this bug to crash libvirtd.

Upstream patch:

https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875

Introduced by:

https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390

Comment 3 Dhiru Kholia 2017-03-09 03:00:22 EST

Acknowledgments:

Name: Yanqiu Zhang (Red Hat)

Comment 4 Carl Song 2017-04-07 16:48:07 EDT

Could you provide the rationale behind the verdict of "NOTABUG", given there's a CVE assigned and an upstream patch exists?

Comment 6 Dhiru Kholia 2017-04-10 01:29:39 EDT

Statement:

This issue does not affect libvirt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as it does not contain the affected code.

Note You need to log in before you can comment on or make changes to this bug.

agedosier
berrange
bmcclain
cfergeau
clalancette
dblechte
dkholia
eblake
eedri
erik-fedora
gklein
itamar
jdenemar
jsuchane
knoel
laine
libvirt-maint
lsurette
marcandre.lureau
mgoldboi
michal.skrivanek
pkrempa
psampaio
rbalakri
rh-spice-bugs
rjones
sbonazzo
sherold
sisharma
smohan
srevivo
ssaha
vbellur
veillard
virt-maint
ykaul
ylavi