ELSA-2014-1873 -- Oracle libvirtID: oval:org.secpod.oval:def:1500805 | Date: (C)2015-01-02 (M)2023-02-20 |
Class: PATCH | Family: unix |
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.