VDB
GCVE-110-MAGEIA-2014-243
GCVE-110-MAGEIA-2014-243
Advisory Published
Updated libvirt packages fix security vulnerabilities:
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through
1.2.1 allows local users to (1) delete arbitrary host devices
via the virDomainDeviceDettach API and a symlink attack on /dev
in the container; (2) create arbitrary nodes (mknod) via the
virDomainDeviceAttach API and a symlink attack on /dev in the
container; and cause a denial of service (shutdown or reboot host
OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a
symlink attack on /dev/initctl in the container, related to paths under
/proc//root and the virInitctlSetRunLevel function (CVE-2013-6456).
libvirt was patched to prevent expansion of entities when parsing XML
files. This vulnerability allowed malicious users to read arbitrary
files or cause a denial of service (CVE-2014-0179).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libvirt | 0 (affected), 1.0.2-8.5.mga3 (unaffected) | — |
| Mageia | libvirt | 0 (affected), 1.2.1-1.1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.