Bug 532204 (CVE-2014-8131) - <app-emulation/libvirt-1.2.10-r2: deadlock and segfault in qemuConnectGetAllDomainStats (CVE-2014-8131)
Summary: <app-emulation/libvirt-1.2.10-r2: deadlock and segfault in qemuConnectGetAllD...
Alias: CVE-2014-8131
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2014-12-10 22:03 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2014-12-24 21:11 UTC

See Also:
Package list:
Runtime testing required: ---


Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-10 22:03:17 UTC
From ${URL}:
When user doesn't have read access on one of the domains he requested,
the for loop in qemuConnectGetAllDomainStats() could exit abruptly or
continue and override pointer which pointed to locked object.

With certain configuration, this can either cause a deadlock (it leaves a
domain locked) or a segmentation fault when domain object has its reference
counter decremented when it was not incremented.

With certain configuration, a remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause a denial of service condition
or crash libvirtd.

Introduced by: commits d1bde8ed, 1f4831ee

Upstream patch:
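
The loop flaw named in the description above, reduced to a stand-alone C model. This is an added example, not libvirt's code and not the upstream patch; `struct dom`, `dom_get`, `dom_put`, `gathered` and the three-domain sample are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for a lockable, reference-counted domain object. */
struct dom { int refs; int locks; bool readable; };
static struct dom *dom_get(struct dom *d) { d->refs++; d->locks++; return d; }
static void dom_put(struct dom *d) { d->locks--; d->refs--; }
static int gathered; /* domains whose statistics were collected */

/* Flawed loop: the access-check failure path skips the release. */
static void stats_flawed(struct dom *list, size_t n)
{
    struct dom *d = NULL;
    for (size_t i = 0; i < n; i++) {
        d = dom_get(&list[i]);
        if (!d->readable)
            continue;       /* stays locked; d is overwritten next turn */
        gathered++;
        dom_put(d);         /* released, but d still points at the object */
    }
    if (d) dom_put(d);      /* cleanup can release an object a second time */
}

/* Hardened loop: one release on every path, no pointer outlives its lock. */
static void stats_fixed(struct dom *list, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        struct dom *d = dom_get(&list[i]);
        if (d->readable) gathered++;
        dom_put(d);
    }
}

/* Constructed sample; returns how many domains end up locked or miscounted. */
int run_sample(bool fixed)
{
    struct dom list[3] = { {1, 0, true}, {1, 0, false}, {1, 0, true} };
    int bad = 0;
    if (fixed) stats_fixed(list, 3); else stats_flawed(list, 3);
    for (size_t i = 0; i < 3; i++)
        bad += (list[i].locks != 0 || list[i].refs != 1);
    return bad;
}

int main(void)
{
    printf("unbalanced: flawed=%d fixed=%d\n", run_sample(false), run_sample(true));
    return 0;
}
```

In the flawed run the unreadable domain is left locked (the deadlock case) and the last domain is released twice (the unbalanced reference count behind the crash case).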
Comment 1 Matthias Maier gentoo-dev 2014-12-10 22:56:23 UTC
*libvirt-1.2.10-r1 (10 Dec 2014)

  10 Dec 2014; Matthias Maier <>
  +files/libvirt-1.2.10-cve-2014-8131.patch, +libvirt-1.2.10-r1.ebuild,
  -libvirt-1.2.10.ebuild, -libvirt-
  fix for CVE-2014-8131, bug #532204, drop vulnerable unstable

Vulnerable version left in tree: 1.2.9-r2.

I wanted to start the stabilization of libvirt-1.2.10 today anyway. So we just go for it :-)

Arches, please mark stable app-emulation/libvirt-1.2.10-r1

Target keywords: amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2014-12-11 08:50:44 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-12-11 08:50:58 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Matthias Maier gentoo-dev 2014-12-11 09:05:33 UTC
  11 Dec 2014; Matthias Maier <> -libvirt-1.2.9-r2.ebuild:
  drop vulnerable version, CVE-2014-8131, bug #532204
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-11 09:10:27 UTC
GLSA Vote: No
Comment 6 Matthias Maier gentoo-dev 2014-12-11 14:41:46 UTC
*libvirt-1.2.10-r2 (11 Dec 2014)

  11 Dec 2014; Matthias Maier <>
  +files/libvirt-1.2.10-cve-2014-8131-part2.patch, +libvirt-1.2.10-r2.ebuild:
  Apply followup patch as well, CVE-2014-8131, bug #532204

The upstream patch 57023c0a3af4af1c547189c1f6712ed5edeb0c0b as applied in 1.2.10-r1 did open up another security issue [1]. Applied the followup commit cb104ef734dfea12cb8826dba7e2c98912c4b7e1 that fixes it to version 1.2.10-r2.


Arches, please stabilize app-emulation/libvirt-1.2.10-r2

Target-keywords: amd64 x86
Comment 7 Agostino Sarubbo gentoo-dev 2014-12-12 09:09:58 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-12-12 09:23:48 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 9 Matthias Maier gentoo-dev 2014-12-12 10:29:45 UTC
  12 Dec 2014; Matthias Maier <> -libvirt-1.2.10-r1.ebuild:
  drop vulnerable version, CVE-2014-8131, bug #532204
Comment 10 Sergey Popov gentoo-dev 2014-12-24 20:21:07 UTC
Added to existing GLSA request
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-12-24 21:11:41 UTC
This issue was resolved and addressed in
 GLSA 201412-36 at
by GLSA coordinator Kristian Fiskerstrand (K_F).