CVE-2011-1146

Name of the Vulnerable Software and Affected Versions libvirt versions 0.8.2 through 0.8.8

Description The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via specific API calls, including virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete, virNodeDeviceReAttach, or virConnectDomainXMLToNative. Exploitation can lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerability can be exploited locally.

Recommendations For libvirt versions 0.8.2 through 0.8.8, consider disabling the virNodeDeviceDettach, virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete, virNodeDeviceReAttach, and virConnectDomainXMLToNative functions until a patch is available. Restrict access to the libvirt API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.