CVE-2014-8131 — MEDIUM (4.0)

Q: How severe is CVE-2014-8131?

CVE-2014-8131 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8131?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Libvirt.

Vulnerability Description

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Redhat	Libvirt	<= 1.2.10

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-8131?

CVE-2014-8131 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated use...

How severe is CVE-2014-8131?

CVE-2014-8131 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8131?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Libvirt.