SUSE CVE-2013-2230

The qemu driver qemu/qemudriver.c in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service daemon crash via unspecified vectors involving "multiple events registration."...

SUSE CVE-2013-4153

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemuagent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service daemon crash via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command...

SUSE CVE-2013-4154

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service NULL pointer dereference and crash via vectors related to "agent based cpu unplug," as demonstrated by the "virsh vcpucount foobar --guest" command...

SUSE CVE-2013-4239

The xenDaemonListDefinedDomains function in xen/xendinternal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service memory corruption and crash via vectors involving the virConnectListDefinedDomains API function...

SUSE CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges...

SUSE CVE-2013-4292

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service memory consumption via a large number of domain migrate parameters in certain RPC calls in 1 daemon/remote.c and 2 remote/remotedriver.c...

SUSE CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service uninitialized pointer dereference and crash via a crafted RPC ca...

SUSE CVE-2013-4297

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service uninitialized pointer dereference and crash via unspecified vectors...

SUSE CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

SUSE CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service use-after-free and crash by registering an event handler and then closing t...

SUSE CVE-2013-4400

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...

SUSE CVE-2013-4401

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained fr...

SUSE CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service out-of-bounds read and crash via a crafted bitmap, as demonstrated by a large nodeset value to numatune...

SUSE CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxcdriver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash via a guest in the shutdown...

SUSE CVE-2013-6437

The libvirt driver in OpenStack Compute Nova before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service disk consumption by creating and deleting instances with unique ostype settings, which triggers the creation of a new ephemeral disk backing...

SUSE CVE-2013-6457

The libxlDomainGetNumaParameters function in the libxl driver libxl/libxldriver.c in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service invalid free operation and crash or possibly execute arbitrary code via an inactive domain to t...

SUSE CVE-2013-6458

Multiple race conditions in the 1 virDomainBlockStats, 2 virDomainGetBlockInf, 3 qemuDomainBlockJobImpl, and 4 virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...

SUSE CVE-2013-7130

The icreateimagesandbacking aka createimagesandbacking method in libvirt driver in OpenStack Compute Nova Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users vi...

SUSE CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...

SUSE CVE-2014-0028

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:searchdomains restrictions in ACLs and obtain sensitive domain object information via a request to the 1 virConnectDomainEventRegister and 2 virConnectDomainEventRegisterAny functions in the...