The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-10-06T14:00:00
Updated: 2014-12-12T13:57:01
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3633
JSON object: View
NVD Information
Status : Modified
Published: 2014-10-06T14:55:10.017
Modified: 2023-02-13T00:41:07.873
Link: CVE-2014-3633
JSON object: View
Redhat Information
No data.
CWE