CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.

Published: Jan 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6436
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / libvirt	1.0.5.4	1.0.5.4.x
redhat / libvirt	1.0.5.3	1.0.5.3.x
redhat / libvirt	1.0.5	1.0.5.x
redhat / libvirt	1.0.5.6	1.0.5.6.x
redhat / libvirt	1.2.0	1.2.0.x
redhat / libvirt	1.1.2	1.1.2.x
redhat / libvirt	1.1.4	1.1.4.x
redhat / libvirt	1.0.6	1.0.6.x
redhat / libvirt	1.1.1	1.1.1.x
redhat / libvirt	1.0.5.1	1.0.5.1.x
redhat / libvirt	1.0.5.2	1.0.5.2.x
redhat / libvirt	1.0.5.5	1.0.5.5.x
redhat / libvirt	1.1.0	1.1.0.x
redhat / libvirt	1.1.3	1.1.3.x

Vulnerability Database

289,689

CVE-2013-6436