Unrated severityNVD Advisory· Published Dec 19, 2014· Updated May 6, 2026

CVE-2014-8135

Description

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

Affected products

Red Hat/Libvirt
cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdExploit
libvirt.org/git/nvd
lists.opensuse.org/opensuse-updates/2015-01/msg00005.htmlnvd
secunia.com/advisories/61111nvd
security.libvirt.org/2014/0009.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000