CVE-2014-8135

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 1.2.11

Description The issue is related to the storageVolUpload function in storage/storage driver.c, which does not check a certain return value. This allows local users to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, via a crafted offset value in a "virsh vol-upload" command.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "virsh vol-upload" command to minimize the risk of exploitation.