libvirt: A NULL pointer dereference flaw (CVE-2019-3840) (#10421) · Issues · alpine / aports

libvirt: A NULL pointer dereference flaw (CVE-2019-3840)

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in a guest VM
can use this flaw to crash libvirtd and cause a denial of service.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-3840

Patch:

https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73

(from redmine: issue id 10421, created on 2019-05-08, closed on 2019-06-20)

Relations:
- child #10422 (closed)
- child #10423 (closed)
- child #10424 (closed)

Discussion
Designs