Arch Linux Security Advisory ASA-201409-5
========================================
Severity: Medium
Date    : 2014-09-29
CVE-ID  : CVE-3633
Package : libvirt
Type    : out-of-bounds read access
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package libvirt before version 1.2.8-2 is
vulnerable to an out-of-bounds read access in qemuDomainGetBlockIoTune()..

Resolution
=========
Upgrade to 1.2.8-2.

# pacman -Syu "libvirt>=1.2.8-2"

The problem has been fixed upstream [0] but no release is available yet.

Workaround
=========
The out-of-bounds access is only possible on domains that have had disks
hot-plugged or removed from the live image without also updating the
persistent definition to match; keeping the two definitions matched or
using only transient domains will avoid the problem. Denying access to
the readonly libvirt socket will avoid the potential for a denial of
service attack, but will not prevent the out-of-bounds access from
causing a crash for a privileged client, although such a crash is no
longer a security problem.

Description
==========
Luyao Huang of Red Hat found that the qemu implementation of
virDomainGetBlockIoTune computed an index into the array of disks
for the live definition, then used it as the index into the array of
disks for the persistent definition, which could result into an
out-of-bounds read access in qemuDomainGetBlockIoTune().

Impact
=====
A remote attacker able to establish a read-only connection to
libvirtd could use this flaw to crash libvirtd or, potentially,
leak memory from the libvirtd process.

References
=========
[0]
https://gitlab.com/libvirt/libvirt;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633
https://security.libvirt.org/2014/0004.html
https://bugs.archlinux.org/task/42159

ArchLinux: 201409-5: libvirt: out-of-bounds read access

September 29, 2014

Summary

Luyao Huang of Red Hat found that the qemu implementation of virDomainGetBlockIoTune computed an index into the array of disks for the live definition, then used it as the index into the array of disks for the persistent definition, which could result into an out-of-bounds read access in qemuDomainGetBlockIoTune().

Resolution

Upgrade to 1.2.8-2. # pacman -Syu "libvirt>=1.2.8-2"
The problem has been fixed upstream [0] but no release is available yet.

References

[0] https://gitlab.com/libvirt/libvirt;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633 https://security.libvirt.org/2014/0004.html https://bugs.archlinux.org/task/42159

Severity
Package : libvirt
Type : out-of-bounds read access
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE-2014

Workaround

The out-of-bounds access is only possible on domains that have had diskshot-plugged or removed from the live image without also updating thepersistent definition to match; keeping the two definitions matched orusing only transient domains will avoid the problem. Denying access tothe readonly libvirt socket will avoid the potential for a denial ofservice attack, but will not prevent the out-of-bounds access fromcausing a crash for a privileged client, although such a crash is nolonger a security problem.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved