Lucene search
HistoryJan 24, 2014 - 6:55 p.m.
CVE-2013-6458
CVSS2
6.8
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0.02
Percentile
89.0%
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
Affected configurations
Node
redhatlibvirtRange≤1.2.0
ORredhatlibvirtMatch0.0.1
ORredhatlibvirtMatch0.0.2
ORredhatlibvirtMatch0.0.3
ORredhatlibvirtMatch0.0.4
ORredhatlibvirtMatch0.0.5
ORredhatlibvirtMatch0.0.6
ORredhatlibvirtMatch0.1.0
ORredhatlibvirtMatch0.1.1
ORredhatlibvirtMatch0.1.3
ORredhatlibvirtMatch0.1.4
ORredhatlibvirtMatch0.1.5
ORredhatlibvirtMatch0.1.6
ORredhatlibvirtMatch0.1.7
ORredhatlibvirtMatch0.1.8
ORredhatlibvirtMatch0.1.9
ORredhatlibvirtMatch0.2.0
ORredhatlibvirtMatch0.2.1
ORredhatlibvirtMatch0.2.2
ORredhatlibvirtMatch0.2.3
ORredhatlibvirtMatch0.3.0
ORredhatlibvirtMatch0.3.1
ORredhatlibvirtMatch0.3.2
ORredhatlibvirtMatch0.3.3
ORredhatlibvirtMatch0.4.0
ORredhatlibvirtMatch0.4.1
ORredhatlibvirtMatch0.4.2
ORredhatlibvirtMatch0.4.3
ORredhatlibvirtMatch0.4.4
ORredhatlibvirtMatch0.4.5
ORredhatlibvirtMatch0.4.6
ORredhatlibvirtMatch0.5.0
ORredhatlibvirtMatch0.5.1
ORredhatlibvirtMatch0.6.0
ORredhatlibvirtMatch0.6.1
ORredhatlibvirtMatch0.6.2
ORredhatlibvirtMatch0.6.3
ORredhatlibvirtMatch0.6.4
ORredhatlibvirtMatch0.6.5
ORredhatlibvirtMatch0.7.0
ORredhatlibvirtMatch0.7.1
ORredhatlibvirtMatch0.7.2
ORredhatlibvirtMatch0.7.3
ORredhatlibvirtMatch0.7.4
ORredhatlibvirtMatch0.7.5
ORredhatlibvirtMatch0.7.6
ORredhatlibvirtMatch0.7.7
ORredhatlibvirtMatch0.8.0
ORredhatlibvirtMatch0.8.1
ORredhatlibvirtMatch0.8.2
ORredhatlibvirtMatch0.8.3
ORredhatlibvirtMatch0.8.4
ORredhatlibvirtMatch0.8.5
ORredhatlibvirtMatch0.8.6
ORredhatlibvirtMatch0.8.7
ORredhatlibvirtMatch0.8.8
ORredhatlibvirtMatch0.9.0
ORredhatlibvirtMatch0.9.1
ORredhatlibvirtMatch0.9.2
ORredhatlibvirtMatch0.9.3
ORredhatlibvirtMatch0.9.4
ORredhatlibvirtMatch0.9.5
ORredhatlibvirtMatch0.9.6
ORredhatlibvirtMatch0.9.6.1
ORredhatlibvirtMatch0.9.6.2
ORredhatlibvirtMatch0.9.6.3
ORredhatlibvirtMatch0.9.7
ORredhatlibvirtMatch0.9.8
ORredhatlibvirtMatch0.9.9
ORredhatlibvirtMatch0.9.10
ORredhatlibvirtMatch0.9.11
ORredhatlibvirtMatch0.9.11.1
ORredhatlibvirtMatch0.9.11.2
ORredhatlibvirtMatch0.9.11.3
ORredhatlibvirtMatch0.9.11.4
ORredhatlibvirtMatch0.9.11.5
ORredhatlibvirtMatch0.9.11.6
ORredhatlibvirtMatch0.9.11.7
ORredhatlibvirtMatch0.9.11.8
ORredhatlibvirtMatch0.9.12
ORredhatlibvirtMatch0.9.13
ORredhatlibvirtMatch0.10.0
ORredhatlibvirtMatch0.10.1
ORredhatlibvirtMatch0.10.2
ORredhatlibvirtMatch0.10.2.1
ORredhatlibvirtMatch0.10.2.2
ORredhatlibvirtMatch0.10.2.3
ORredhatlibvirtMatch0.10.2.4
ORredhatlibvirtMatch0.10.2.5
ORredhatlibvirtMatch0.10.2.6
ORredhatlibvirtMatch0.10.2.7
ORredhatlibvirtMatch0.10.2.8
ORredhatlibvirtMatch1.0.0
ORredhatlibvirtMatch1.0.1
ORredhatlibvirtMatch1.0.2
ORredhatlibvirtMatch1.0.3
ORredhatlibvirtMatch1.0.4
ORredhatlibvirtMatch1.0.5
ORredhatlibvirtMatch1.0.5.1
ORredhatlibvirtMatch1.0.5.2
ORredhatlibvirtMatch1.0.5.3
ORredhatlibvirtMatch1.0.5.4
ORredhatlibvirtMatch1.0.5.5
ORredhatlibvirtMatch1.0.5.6
ORredhatlibvirtMatch1.0.6
ORredhatlibvirtMatch1.1.0
ORredhatlibvirtMatch1.1.1
ORredhatlibvirtMatch1.1.2
ORredhatlibvirtMatch1.1.3
ORredhatlibvirtMatch1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | libvirt | * | cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.1 | cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.2 | cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.3 | cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.4 | cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.5 | cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:* |
| redhat | libvirt | 0.0.6 | cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.0 | cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.1 | cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:* |
| redhat | libvirt | 0.1.3 | cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:* |
References
libvirt.org/news.html
lists.opensuse.org/opensuse-updates/2014-02/msg00060.html
lists.opensuse.org/opensuse-updates/2014-02/msg00062.html
rhn.redhat.com/errata/RHSA-2014-0103.html
secunia.com/advisories/56186
secunia.com/advisories/56446
secunia.com/advisories/60895
security.gentoo.org/glsa/glsa-201412-04.xml
www.debian.org/security/2014/dsa-2846
www.ubuntu.com/usn/USN-2093-1
bugzilla.redhat.com/show_bug.cgi?id=1043069
Related
ubuntucve
ubuntucve
CVE-2013-6458
2014-01-24 00:00:00
prion
prion
Race condition
2014-01-24 18:55:00
cve
cve
CVE-2013-6458
2014-01-24 18:55:04
debiancve
debiancve
CVE-2013-6458
2014-01-24 18:55:04
veracode
veracode
Denial Of Service (DoS)
2018-08-14 09:02:59
Denial Of Service (DoS)
2019-01-15 08:55:47
cvelist
cvelist
CVE-2013-6458
2014-01-24 18:00:00
openvas
openvas
RedHat Update for libvirt RHSA-2014:0103-01
2014-01-30 00:00:00
Oracle: Security Advisory (ELSA-2014-0103)
2015-10-06 00:00:00
RedHat Update for libvirt RHSA-2014:0103-01
2014-01-30 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2846-1] libvirt security update
2014-01-29 00:00:00
libvirt security vulnerabilities
2014-01-29 00:00:00
nessus
nessus
RHEL 6 : libvirt (RHSA-2014:0103)
2014-01-29 00:00:00
Oracle Linux 6 : libvirt (ELSA-2014-0103)
2014-01-29 00:00:00
SuSE 11.3 Security Update : libvirt (SAT Patch Number 8886)
2014-03-03 00:00:00
debian
debian
[SECURITY] [DSA 2846-1] libvirt security update
2014-01-17 19:25:28
osv
osv
libvirt - several
2014-01-17 00:00:00
libvirt-2.5.0-1.1 on GA media
2024-06-15 00:00:00
CVE-2021-3667
2022-03-02 23:15:08
redhat
redhat
(RHSA-2014:0103) Moderate: libvirt security and bug fix update
2014-01-28 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2014-01-28 00:00:00
centos
centos
libvirt security update
2014-01-29 14:05:41
mageia
mageia
Updated libvirt packages fix two vulnerabilties
2014-02-12 02:06:14
fedora
fedora
[SECURITY] Fedora 20 Update: libvirt-1.1.3.4-1.fc20
2014-02-28 18:32:30
[SECURITY] Fedora 20 Update: libvirt-1.1.3.3-1.fc20
2014-01-21 05:56:08
[SECURITY] Fedora 20 Update: libvirt-1.1.3.5-2.fc20
2014-05-24 23:24:18
ubuntu
ubuntu
libvirt vulnerabilities
2014-01-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.2.2-alt1
2014-03-05 00:00:00
gentoo
gentoo
libvirt: Multiple vulnerabilities
2014-12-08 00:00:00
CVSS2
6.8
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0.02
Percentile
89.0%
Related for NVD:CVE-2013-6458