Common Vulnerabilities and Exposures assigned an identifier CVE-2014-8135 to the following vulnerability: Name: CVE-2014-8135 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8135 Assigned: 20141010 Reference: http://secunia.com/advisories/61111 The storageVolUpload function in storage/storage_driver.c in libvirt does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command. Upstream commit that addresses this issue: http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984
Upstream advisory: http://security.libvirt.org/2014/0009.html
Statement: This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.