Main Vulnerability Database Vulnerabilities #VU32583

Race condition in libvirt - CVE-2013-6458

Published: January 24, 2014 / Updated: July 28, 2020

Vulnerability identifier: #VU32583

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-6458

CWE-ID: CWE-362

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: libvirt.org

Affected software:
libvirt

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

How to mitigate CVE-2013-6458

Install update from vendor's website.

Race condition in libvirt - CVE-2013-6458

Detailed vulnerability description

How to mitigate CVE-2013-6458

Sources

Please verify you're human