[3.7] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)
A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
(from redmine: issue id 10424, created on 2019-05-08, closed on 2019-06-05)
- Relations:
- parent #10421 (closed)