CVE-2013-6436

Name of the Vulnerable Software and Affected Versions libvirt versions 1.0.5 through 1.2.0

Description The issue is related to the lxcDomainGetMemoryParameters method in lxc/lxc driver.c, which does not properly check the status of LXC guests when reading memory tunables. This allows local users to cause a denial of service, resulting in a NULL pointer dereference and libvirtd crash, via a guest in the shutdown status. The "virsh memtune" command can be used to demonstrate this issue.

Recommendations For libvirt versions 1.0.5 through 1.2.0, consider restricting access to the lxcDomainGetMemoryParameters method until a patch is available. As a temporary workaround, avoid using the "virsh memtune" command on guests in the shutdown status to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.