CVE-2019-3840

Priority
Description
A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the way it gets interface information through the QEMU agent. An
attacker in a guest VM can use this flaw to crash libvirtd and cause a
denial of service.
Assigned-to
mdeslaur
Notes
mdeslaurintroduced in 1.2.14
Package
Upstream:released (5.0.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.1-1ubuntu10.25)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.0.0-1ubuntu8.8)
Patches:
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
More Information

Updated: 2020-07-28 20:07:28 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)