CVE-2013-6458

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 1.2.1

Description The issue is related to multiple race conditions in certain functions within libvirt. These functions are virDomainBlockStats, virDomainGetBlockInf, qemuDomainBlockJobImpl, and virDomainGetBlockIoTune. The problem arises because these functions do not properly verify that the disk is attached. This oversight allows remote read-only attackers to cause a denial of service, specifically a crash of the libvirtd service, by utilizing the virDomainDetachDeviceFlags command.

Recommendations For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the virDomainDetachDeviceFlags command to minimize the risk of exploitation. Additionally, ensure that all disk attachments are properly verified before performing any operations that could trigger the race conditions in the affected functions.