Vulnerability Description
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | Mageia | 4.0 |
| Redhat | Libvirt | - |
| Canonical | Ubuntu Linux | 12.04 |
| Opensuse | Opensuse | 13.1 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Hpc Node | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2015-0002.htmlThird Party Advisory
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0323.htmlThird Party Advisory
- http://secunia.com/advisories/61111
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:023Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:070Broken Link
- http://www.ubuntu.com/usn/USN-2867-1Third Party Advisory
- http://advisories.mageia.org/MGASA-2015-0002.htmlThird Party Advisory
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=2bdcd29c713dfedd813c89f56ae
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00003.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00005.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0323.htmlThird Party Advisory
- http://secunia.com/advisories/61111
FAQ
What is CVE-2014-8136?
CVE-2014-8136 is a vulnerability with a CVSS score of 2.1 (LOW). The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial...
How severe is CVE-2014-8136?
CVE-2014-8136 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8136?
Check the references section above for vendor advisories and patch information. Affected products include: Mageia Mageia, Redhat Libvirt, Canonical Ubuntu Linux, Opensuse Opensuse, Redhat Enterprise Linux Desktop.