CVE-2013-6436: Redhat Libvirt vulnerability

CWE-264 | 9 documents | 8 sources
Severity: 2.1 LOW (NVD)
EPSS: 0.1% (top 79.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 7
Latest update: May 17

Description

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.

CVSS vector

AV:L/AC:L/C:N/I:N/A:P
Exploitability: 3.9 | Impact: 2.9

Affected Packages (2 packages)

Debian: redhat/libvirt < 1.2.0-1 +3
NVD: redhat/libvirt 14 versions +13

🔴 Vulnerability Details (3)

GHSA: GHSA-3r95-9fm6-xqcf: The lxcDomainGetMemoryParameters method in lxc/lxc_driver (2022-05-17)
OSV: CVE-2013-6436: The lxcDomainGetMemoryParameters method in lxc/lxc_driver (2014-01-07)
CVEList: CVE-2013-6436: The lxcDomainGetMemoryParameters method in lxc/lxc_driver (2014-01-07)

📋 Vendor Advisories (3)

Ubuntu: libvirt vulnerabilities (2014-01-30)
Red Hat: libvirt: crash in lxcDomainGetMemoryParameters (2013-12-20)
Debian: CVE-2013-6436: libvirt - The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 thr... (2013)

💬 Community (2)

Bugzilla: CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters [fedora-all] (2014-01-07)
Bugzilla: CVE-2013-6436 libvirt: crash in lxcDomainGetMemoryParameters (2013-12-12)