2.1

CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatLibvirt Version1.0.5
RedhatLibvirt Version1.0.5.1
RedhatLibvirt Version1.0.5.2
RedhatLibvirt Version1.0.5.3
RedhatLibvirt Version1.0.5.4
RedhatLibvirt Version1.0.5.5
RedhatLibvirt Version1.0.5.6
RedhatLibvirt Version1.0.6
RedhatLibvirt Version1.1.0
RedhatLibvirt Version1.1.1
RedhatLibvirt Version1.1.2
RedhatLibvirt Version1.1.3
RedhatLibvirt Version1.1.4
RedhatLibvirt Version1.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.271
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=f8c1cb90213508c4f32549023b0572ed774e48aa
http://lists.opensuse.org/opensuse-updates/2014-01/msg00004.html
http://osvdb.org/101485
http://secunia.com/advisories/56245
http://www.ubuntu.com/usn/USN-2093-1
https://www.redhat.com/archives/libvir-list/2013-December/msg01170.html