CVE-2014-8136: The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails…

low2.1CVSS 3.1

AVLACLAuNCNINAP

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	libvirt	< libvirt 1.2.9-7 (bookworm)	libvirt 1.2.9-7 (bookworm)
mageia	mageia	—	—
opensuse	opensuse	—	—
opensuse	opensuse	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_hpc_node	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_workstation	—	—
redhat	libvirt	>= 0 < 1.2.9-7	1.2.9-7
redhat	libvirt	>= 0 < 1.2.9-7	1.2.9-7
redhat	libvirt	>= 0 < 1.2.9-7	1.2.9-7
redhat	libvirt	>= 0 < 1.2.9-7	1.2.9-7
redhat	libvirt	>= 0 < 1.2.2-0ubuntu13.1.16	1.2.2-0ubuntu13.1.16

CVSS provenance

nvd2.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P

osv5.9MEDIUM