Astra Linux - уязвимость в libvirt

A flaw was discovered in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to prevent another thread from concurrently modifying the driver-nwfilters object...

SUSE CVE-2011-2511

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service libvirtd crash and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption...

SUSE CVE-2012-3445

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain API calls with typed parameters, which might allow remote authenticated users to cause a denial of service libvirtd crash via an RPC command with nparams set to zero, which triggers an out-of-bounds read...

SUSE CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service libvirtd crash by triggering a failed unlink after creating a volume on a rootsquash NFS pool...

SUSE CVE-2017-2635

A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service...

SUSE CVE-2019-3840

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service...

CVE-2021-4147

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition...

Denial Of Service (DoS)

libvirt is vulnerable to denial of service DoS attacks. The vulnerability exists as the virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain API calls with typed parameters, which might allow remote authenticated users to cause a denial of service libvirtd cra...

Red Hat Libvirt Denial of Service Vulnerability (CNVD-2018-16495)

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat Libvirt versions...

DEBIAN-CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service libvirtd crash by triggering a failed unlink after creating a volume on a rootsquash NFS pool...

Code injection

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service libvirtd crash by triggering a failed unlink after creating a volume on a rootsquash NFS pool...

CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...

Null pointer dereference

The qemuMigrationWaitForSpice function in qemu/qemumigration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash by causing domblkstat to be called a...

qemu: job usage issue in several APIs leading to libvirtd crash

Multiple race conditions in the 1 virDomainBlockStats, 2 virDomainGetBlockInf, 3 qemuDomainBlockJobImpl, and 4 virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...

libvirt: denial of service with keepalive

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...

Race condition

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...

CVE-2013-6458

CVE-2013-6458 affects libvirt and is described in CentOS/CESA-2014:0103 as a use-after-free flaw in libvirt block APIs. A remote attacker who can establish a read-only connection to libvirtd could crash the libvirtd process or, potentially, execute arbitrary code with the libvirtd user’s privileg...

CVE-2014-1447

Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service libvirtd crash by closing a connection before a keepalive response is sent...

CVE-2013-6436

CVE-2013-6436 affects the libvirt lxc driver. The vulnerability is in lxcDomainGetMemoryParameters in libvirt before the patch/cleanup, where memory tunables are read without properly checking the LXC guest status. A local user can trigger a denial of service (NULL pointer dereference, libvirtd c...

CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxcdriver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service NULL pointer dereference and libvirtd crash via a guest in the shutdown...