libvirt: potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485) (#11857) · Issues · alpine / aports

libvirt: potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2019-20485

Patch:

https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc

Affected branches:

Edited Aug 18, 2020 by Francesco Colista

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information