CVE-2014-3633
libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
La función qemuDomainGetBlockIoTune en qemu/qemu_driver.c en libvirt anterior a 1.2.9, cuando un disco ha sido conectado en caliente o eliminado de la imagen en vivo, permite a atacantes remotos causar una denegación de servicio (caída) o leer información sensible de la memoria dinámica a través de una consulta blkiotune manipulada, lo que provoca una lectura fuera de rango.
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-09-30 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b | X_refsource_confirm | |
| http://secunia.com/advisories/60291 | Third Party Advisory | |
| http://secunia.com/advisories/60895 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html | 2023-02-13 | |
| http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-1352.html | 2023-02-13 | |
| http://security.gentoo.org/glsa/glsa-201412-04.xml | 2023-02-13 | |
| http://security.libvirt.org/2014/0004.html | 2023-02-13 | |
| http://www.debian.org/security/2014/dsa-3038 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-2366-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2014-3633 | 2014-11-18 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1141131 | 2014-11-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | <= 1.2.8 Search vendor "Libvirt" for product "Libvirt" and version " <= 1.2.8" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.0 Search vendor "Libvirt" for product "Libvirt" and version "1.2.0" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.1 Search vendor "Libvirt" for product "Libvirt" and version "1.2.1" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.2 Search vendor "Libvirt" for product "Libvirt" and version "1.2.2" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.3 Search vendor "Libvirt" for product "Libvirt" and version "1.2.3" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.4 Search vendor "Libvirt" for product "Libvirt" and version "1.2.4" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.5 Search vendor "Libvirt" for product "Libvirt" and version "1.2.5" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.6 Search vendor "Libvirt" for product "Libvirt" and version "1.2.6" | - |
Affected
| ||||||
| Libvirt Search vendor "Libvirt" | Libvirt Search vendor "Libvirt" for product "Libvirt" | 1.2.7 Search vendor "Libvirt" for product "Libvirt" and version "1.2.7" | - |
Affected
| ||||||