Vigil@nce - libvirt: unreachable memory reading via qemuDomainGetBlockIoTune
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a read at an invalid address in
qemuDomainGetBlockIoTune() of libvirt, in order to trigger a
denial of service.
Impacted products: Debian, MBS, RHEL, Ubuntu
Severity: 2/4
Creation date: 29/09/2014
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface to several
virtualization products (Xen, QEMU, KVM, etc.).
However, the qemuDomainGetBlockIoTune() function tries to read a
memory area that is not reachable, which triggers a fatal error.
An attacker can therefore force a read at an invalid address in
qemuDomainGetBlockIoTune() of libvirt, in order to trigger a
denial of service.