From ${URL} :

Description: The qemu implementation of virDomainGetBlockIoTune computed an index into the array of disks for the live definition, then used it as the index into the array of disks for the persistent definition. If management had hot-plugged disks to the live definition, the two arrays are not necessarily the same length, and this could result in the persistent definition dereferencing an out-of-bounds pointer.

Impact: A read-only client can cause a denial of service attack against a privileged client if the out-of-bounds dereference causes libvirtd to crash, or possibly gain read access to sensitive information residing in the heap.

Workaround: The out-of-bounds access is only possible on domains that have had disks hot-plugged or removed from the live image without also updating the persistent definition to match; keeping the two definitions matched or using only transient domains will avoid the problem. Denying access to the readonly libvirt socket will avoid the potential for a denial of service attack, but will not prevent the out-of-bounds access from causing a crash for a privileged client, although such a crash is no longer a security problem.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
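The indexing mistake described in the comment above, as an added example that is not part of the original bug report and is not libvirt's code. The types (`struct disk`, `struct domain_def`), function names and sample disks are hypothetical and constructed; the block shows when an index derived from the live array falls outside the persistent array, next to a lookup that resolves the disk in the persistent definition itself.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for a domain definition; not libvirt's real types. */
struct disk { const char *dst; unsigned long long total_bytes_sec; };
struct domain_def { size_t ndisks; const struct disk *disks; };

/* Return the index of the disk named `dst` in `def`, or -1 if absent. */
static int disk_index(const struct domain_def *def, const char *dst)
{
    for (size_t i = 0; i < def->ndisks; i++)
        if (strcmp(def->disks[i].dst, dst) == 0)
            return (int)i;
    return -1;
}

/* Flawed pattern from the description: the index is computed against the
 * live definition and then reused for the persistent one. Returns 1 if the
 * reused index would fall outside persistent->disks, 0 if it is in bounds,
 * -1 if the disk is not in the live definition. The read itself is not
 * performed, so the program stays well-defined. */
int reused_index_out_of_bounds(const struct domain_def *live,
                               const struct domain_def *persistent,
                               const char *dst)
{
    int idx = disk_index(live, dst);
    if (idx < 0)
        return -1;
    return (size_t)idx >= persistent->ndisks;
}

/* Hardened pattern: resolve the disk in the definition being read. */
int get_persistent_tune(const struct domain_def *persistent, const char *dst,
                        unsigned long long *out)
{
    int idx = disk_index(persistent, dst);
    if (idx < 0)
        return -1;          /* disk absent from persistent config: error */
    *out = persistent->disks[idx].total_bytes_sec;
    return 0;
}

/* Constructed sample: vdb was hot-plugged into the live definition only. */
static const struct disk live_disks[] = { {"vda", 1000}, {"vdb", 2000} };
static const struct disk pers_disks[] = { {"vda", 500} };
const struct domain_def live_def = { 2, live_disks };
const struct domain_def pers_def = { 1, pers_disks };
```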
1.2.9 contains the fix.
Arches, please test and mark stable:
=app-emulation/libvirt-1.2.9
=dev-python/libvirt-python-1.2.9
Target keywords : "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
31 Oct 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.1.3.4.ebuild, -libvirt-1.2.3.ebuild, -libvirt-1.2.5.ebuild, -libvirt-1.2.6.ebuild: remove old due to bug 524184 (CVE-2014-3633)

31 Oct 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-python-1.2.3.ebuild, -libvirt-python-1.2.4.ebuild, -libvirt-python-1.2.5.ebuild, -libvirt-python-1.2.6.ebuild: synchronize with app-emulation/libvirt and drop old
Added to existing GLSA draft
This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).