CVE-2013-6458

EPSS 0.89%

libvirt - several

Published: 1/24/2014Modified: 4/28/2026

Also known as:DSA-2846-1DEBIAN-CVE-2013-6458

Description

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

Affected packages (2)

Debian/libvirtfrom 0, < 1.2.1-1
Debian/libvirtfrom 0, < 0.9.12.3-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-6458