Race conditions in libvirt functions leading to denial of service via virDomainDetachDeviceFlags

Race conditions in libvirt functions leading to denial of service via virDomainDetachDeviceFlags

CVE-2013-6458 · MEDIUM Severity

AV:A/AC:H/AU:N/C:C/I:C/A:C

Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.

Learn more about our Iot Penetration Testing.