Unrated severityNVD Advisory· Published Jan 7, 2014· Updated Apr 29, 2026
CVE-2013-6436
CVE-2013-6436
Description
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
Affected products
14cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- libvirt.org/git/nvd
- lists.opensuse.org/opensuse-updates/2014-01/msg00004.htmlnvd
- osvdb.org/101485nvd
- secunia.com/advisories/56245nvd
- secunia.com/advisories/60895nvd
- security.gentoo.org/glsa/glsa-201412-04.xmlnvd
- www.ubuntu.com/usn/USN-2093-1nvd
- www.redhat.com/archives/libvir-list/2013-December/msg01170.htmlnvd
News mentions
0No linked articles in our index yet.