CVE-2019-3840 (retired)

Priority
Description
A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the way it gets interface information through the QEMU agent. An
attacker in a guest VM can use this flaw to crash libvirtd and cause a
denial of service.
Notes
 mdeslaur> introduced in 1.2.14
Assigned-to
mdeslaur
Package
Upstream:released (5.0.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.1-1ubuntu10.25)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.0.0-1ubuntu8.8)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.6.0-2ubuntu3.4)
Ubuntu 19.04 (Disco Dingo):not-affected (5.0.0-1ubuntu1)
Patches:
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
More Information

Updated: 2019-03-29 02:14:59 UTC (commit 4f84fe790cebaab8768c0c369531aca9c55f7450)