The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the virsh memtune command.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libvirt | Redhat | 1.0.5 (including) | 1.0.5 (including) |
| Libvirt | Redhat | 1.0.5.1 (including) | 1.0.5.1 (including) |
| Libvirt | Redhat | 1.0.5.2 (including) | 1.0.5.2 (including) |
| Libvirt | Redhat | 1.0.5.3 (including) | 1.0.5.3 (including) |
| Libvirt | Redhat | 1.0.5.4 (including) | 1.0.5.4 (including) |
| Libvirt | Redhat | 1.0.5.5 (including) | 1.0.5.5 (including) |
| Libvirt | Redhat | 1.0.5.6 (including) | 1.0.5.6 (including) |
| Libvirt | Redhat | 1.0.6 (including) | 1.0.6 (including) |
| Libvirt | Redhat | 1.1.0 (including) | 1.1.0 (including) |
| Libvirt | Redhat | 1.1.1 (including) | 1.1.1 (including) |
| Libvirt | Redhat | 1.1.2 (including) | 1.1.2 (including) |
| Libvirt | Redhat | 1.1.3 (including) | 1.1.3 (including) |
| Libvirt | Redhat | 1.1.4 (including) | 1.1.4 (including) |
| Libvirt | Redhat | 1.2.0 (including) | 1.2.0 (including) |
| Libvirt | Ubuntu | raring | * |
| Libvirt | Ubuntu | saucy | * |
| Libvirt | Ubuntu | upstream | * |