CVE-2013-6458 — Race Condition in Red Hat Libvirt
Severity
6.8 MEDIUM (NVD)
EPSS
0.9%
top 24.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 24
Latest update: May 17
Description
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
CVSS vector
AV:A/AC:H/C:C/I:C/A:C
Exploitability: 3.2 | Impact: 10.0
Affected Packages: 2 packages
Vulnerability Details (3)
GHSA
GHSA-9hqh-qqff-45p6: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functio (2022-05-17)
CVEList
CVE-2013-6458: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functio (2014-01-24)
OSV
CVE-2013-6458: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInfo, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functio (2014-01-24)