Out-of-Bounds Read Vulnerability in libvirt's qemuDomainGetBlockIoTune Function

Out-of-Bounds Read Vulnerability in libvirt's qemuDomainGetBlockIoTune Function

CVE-2014-3633 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:P

The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.

Learn more about our Iot Penetration Testing.