{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-12T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"}, {"name": "RHSA-2014:1352", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"}, {"name": "DSA-3038", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3038"}, {"name": "USN-2366-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"name": "openSUSE-SU-2014:1290", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"}, {"name": "60291", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60291"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.libvirt.org/2014/0004.html"}, {"name": "openSUSE-SU-2014:1293", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.943Z"}, "title": "CVE Program Container", "references": [{"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"}, {"name": "RHSA-2014:1352", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"}, {"name": "DSA-3038", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3038"}, {"name": "USN-2366-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"name": "openSUSE-SU-2014:1290", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"}, {"name": "60291", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60291"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.libvirt.org/2014/0004.html"}, {"name": "openSUSE-SU-2014:1293", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3633", "datePublished": "2014-10-06T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.943Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*", "matchCriteriaId": "823E02CA-A145-46C2-BC4C-16DECB060B19", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*", "matchCriteriaId": "E685F933-7C10-49B6-9F4B-89478AF51761", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvirt:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "990B5B59-DBA0-4116-BB1F-2B1D739C9835", "versionEndIncluding": "1.2.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5365060-478B-4A38-90F1-789BA17BA9A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "69B82AB5-F91E-450D-AFD9-2D8551B79E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDB00C9A-ACBA-4552-B76A-66D604514FEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA9E7374-0781-434B-B844-21786CC7DF7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F128034B-6365-4566-8E83-D7AD479FFC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3BC3A67-5922-45AE-B564-550EBCE01652", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "26263705-26D6-416B-A88A-A99A1F888DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:libvirt:libvirt:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D578358-EF2E-46E2-B586-F0BB169BD9B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read."}, {"lang": "es", "value": "La funci\u00f3n qemuDomainGetBlockIoTune en qemu/qemu_driver.c en libvirt anterior a 1.2.9, cuando un disco ha sido conectado en caliente o eliminado de la imagen en vivo, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o leer informaci\u00f3n sensible de la memoria din\u00e1mica a trav\u00e9s de una consulta blkiotune manipulada, lo que provoca una lectura fuera de rango."}], "id": "CVE-2014-3633", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-06T14:55:10.017", "references": [{"source": "secalert@redhat.com", "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60291"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60895"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://security.libvirt.org/2014/0004.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3038"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2366-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1352.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://security.libvirt.org/2014/0004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2366-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).", "affected_release": [{"advisory": "RHSA-2014:1873", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.10.2-46.el6_6.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-11-18T00:00:00Z"}, {"advisory": "RHSA-2014:1352", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvirt-0:1.1.1-29.el7_0.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-10-01T00:00:00Z"}], "bugzilla": {"description": "libvirt: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index", "id": "1141131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141131"}, "csaw": false, "cvss": {"cvss_base_score": "3.2", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.", "An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process."], "name": "CVE-2014-3633", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-09-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3633\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3633"], "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.", "threat_severity": "Moderate"}

{}