[3.9] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)
A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
(from redmine: issue id 10422, created on 2019-05-08, closed on 2019-06-20)
- Relations:
- parent #10421 (closed)
- Changesets:
- Revision 9da537d1 on 2019-06-05T08:36:38Z:
main/libvirt: security fix (CVE-2019-3840)
Fixes #10422