CVE-2014-8135

Published: Dec 19, 2014Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

Affected (1)

Products: Redhat: Libvirt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Libvirt	All versions

References (10)

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html

Source: secalert@redhat.com

http://secunia.com/advisories/61111

Source: secalert@redhat.com

http://security.libvirt.org/2014/0009.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1087104

Source: secalert@redhat.com

Exploit

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=87b9437f8951f9d24f9a85c6bbfff0e54df8c984

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61111

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.libvirt.org/2014/0009.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1087104

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.