CVE-2014-3657

libvirt: domain_conf: domain deadlock DoS

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.

La función virDomainListPopulate en conf/domain_conf.c en libvirt anterior a 1.2.9 no limpia el bloqueo en la lista de dominios, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo mutuo) a través de un valor nulo en el parámetro second en el comando de API virConnectListAllDomains.

A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive.

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-10-02 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-399: Resource Management Errors

CAPEC

References (10)

URL	Tag	Source
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fc22b2e74890873848b43fffae43025d22053669	X_refsource_confirm
http://secunia.com/advisories/60291	Third Party Advisory
http://secunia.com/advisories/62303	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html	2023-02-13
http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2014-1352.html	2023-02-13
http://security.libvirt.org/2014/0005.html	2023-02-13
http://www.ubuntu.com/usn/USN-2404-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2014-3657	2014-11-18
https://bugzilla.redhat.com/show_bug.cgi?id=1145667	2014-11-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				<= 1.2.8 Search vendor "Libvirt" for product "Libvirt" and version " <= 1.2.8"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.0 Search vendor "Libvirt" for product "Libvirt" and version "1.2.0"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.1 Search vendor "Libvirt" for product "Libvirt" and version "1.2.1"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.2 Search vendor "Libvirt" for product "Libvirt" and version "1.2.2"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.3 Search vendor "Libvirt" for product "Libvirt" and version "1.2.3"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.4 Search vendor "Libvirt" for product "Libvirt" and version "1.2.4"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.5 Search vendor "Libvirt" for product "Libvirt" and version "1.2.5"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.6 Search vendor "Libvirt" for product "Libvirt" and version "1.2.6"		-		Affected
Libvirt Search vendor "Libvirt"		Libvirt Search vendor "Libvirt" for product "Libvirt"				1.2.7 Search vendor "Libvirt" for product "Libvirt" and version "1.2.7"		-		Affected