CVE-2013-6457Redhat Libvirt vulnerability

CWE-2648 documents8 sources
Severity
5.2MEDIUMNVD
EPSS
0.1%
top 66.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Libvirt
Timeline
PublishedJan 24
Latest updateMay 17

Description

The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.

CVSS vector

AV:A/AC:L/C:P/I:P/A:PExploitability: 5.1 | Impact: 6.4

Affected Packages2 packages

Debianredhat/libvirt< 1.2.1-1+3
NVDredhat/libvirt1.2.0+109

🔴Vulnerability Details

3
GHSA
GHSA-cw6x-8qwh-8q47: The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver2022-05-17
OSV
CVE-2013-6457: The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver2014-01-24
CVEList
CVE-2013-6457: The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver2014-01-24

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities2014-01-30
Red Hat
libvirt: avoid crashing if calling 'virsh numatune' on an inactive domain (libxl)2013-12-20
Debian
CVE-2013-6457: libvirt - The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_drive...2013

💬Community

1
Bugzilla
CVE-2013-6457 libvirt: avoid crashing if calling 'virsh numatune' on an inactive domain (libxl)2014-01-05
CVE-2013-6457 — Redhat Libvirt vulnerability | cvebase