Vigil@nce - libvirt: denial of service via libxlDomainGetNumaParameters
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can call "virsh numatune" on an inactive domain,
in order to trigger a denial of service of libvirt.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 16/01/2014
DESCRIPTION OF THE VULNERABILITY
The libvirt library provides a standard interface on several
virtualization products (Xen, QEMU, KVM, etc.).
The libxlDomainGetNumaParameters() function of the
src/libxl/libxl_driver.c file obtains information about NUMA
(Non-Uniform Memory Access). However, if the domain is inactive,
it uses an uninitialized structure.
A local attacker can therefore call "virsh numatune" on an
inactive domain, in order to trigger a denial of service of
libvirt.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libvirt-denial-of-service-via-libxlDomainGetNumaParameters-14101