The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the virsh memtune command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libvirt | Redhat | 1.0.5.4 | 1.0.5.4 |
Libvirt | Redhat | 1.0.5.3 | 1.0.5.3 |
Libvirt | Redhat | 1.0.5 | 1.0.5 |
Libvirt | Redhat | 1.0.5.6 | 1.0.5.6 |
Libvirt | Redhat | 1.2.0 | 1.2.0 |
Libvirt | Redhat | 1.1.2 | 1.1.2 |
Libvirt | Redhat | 1.1.4 | 1.1.4 |
Libvirt | Redhat | 1.0.6 | 1.0.6 |
Libvirt | Redhat | 1.1.1 | 1.1.1 |
Libvirt | Redhat | 1.0.5.1 | 1.0.5.1 |
Libvirt | Redhat | 1.0.5.2 | 1.0.5.2 |
Libvirt | Redhat | 1.0.5.5 | 1.0.5.5 |
Libvirt | Redhat | 1.1.0 | 1.1.0 |
Libvirt | Redhat | 1.1.3 | 1.1.3 |