CVE-2017-2635

Impact: Moderate
Public Date: 2017-02-09
CWE: CWE-476
Bugzilla: 1427090: CVE-2017-2635 libvirt: Null pointer dereference when updating storage size on empty drives

A NULL pointer dereference flaw was found in the way libvirt handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in a denial of service.

Find out more about CVE-2017-2635 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect libvirt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as it does not contain the affected code.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 7.7
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity Impact: None
Availability Impact: High

Affected Packages State

Platform                      Package            State
Red Hat Gluster Storage 3     libvirt            Not affected
Red Hat Enterprise Linux 7    libvirt            Not affected
Red Hat Enterprise Linux 6    libvirt            Not affected
Red Hat Enterprise Linux 5    libvirt            Not affected
RHEV Manager 3                libvirt            Not affected
RHEV Manager 3                mingw-virt-viewer  Not affected

Acknowledgements

This issue was discovered by Yanqiu Zhang (Red Hat).