CVE-2013-6436

2014-01-0719:55:06

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the “virsh memtune” command.

Affected configurations

Nvd

Node

redhatlibvirtMatch1.0.5

redhatlibvirtMatch1.0.5.1

redhatlibvirtMatch1.0.5.2

redhatlibvirtMatch1.0.5.3

redhatlibvirtMatch1.0.5.4

redhatlibvirtMatch1.0.5.5

redhatlibvirtMatch1.0.5.6

redhatlibvirtMatch1.0.6

redhatlibvirtMatch1.1.0

redhatlibvirtMatch1.1.1

redhatlibvirtMatch1.1.2

redhatlibvirtMatch1.1.3

redhatlibvirtMatch1.1.4

redhatlibvirtMatch1.2.0

VendorProductVersionCPE
redhatlibvirt1.0.5cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*
redhatlibvirt1.0.5.1cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
redhatlibvirt1.0.5.2cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
redhatlibvirt1.0.5.3cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
redhatlibvirt1.0.5.4cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
redhatlibvirt1.0.5.5cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
redhatlibvirt1.0.5.6cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
redhatlibvirt1.0.6cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*
redhatlibvirt1.1.0cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
redhatlibvirt1.1.1cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	libvirt	1.0.5	cpe:2.3:a:redhat:libvirt:1.0.5:::::::*
redhat	libvirt	1.0.5.1	cpe:2.3:a:redhat:libvirt:1.0.5.1:::::::*
redhat	libvirt	1.0.5.2	cpe:2.3:a:redhat:libvirt:1.0.5.2:::::::*
redhat	libvirt	1.0.5.3	cpe:2.3:a:redhat:libvirt:1.0.5.3:::::::*
redhat	libvirt	1.0.5.4	cpe:2.3:a:redhat:libvirt:1.0.5.4:::::::*
redhat	libvirt	1.0.5.5	cpe:2.3:a:redhat:libvirt:1.0.5.5:::::::*
redhat	libvirt	1.0.5.6	cpe:2.3:a:redhat:libvirt:1.0.5.6:::::::*
redhat	libvirt	1.0.6	cpe:2.3:a:redhat:libvirt:1.0.6:::::::*
redhat	libvirt	1.1.0	cpe:2.3:a:redhat:libvirt:1.1.0:::::::*
redhat	libvirt	1.1.1	cpe:2.3:a:redhat:libvirt:1.1.1:::::::*