Vulnerability CVE-2019-3840: Information
Description
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Severity: MEDIUM (6.3) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libvirt | sisyphus | 5.0.0-alt1 | 10.2.0-alt1 | ALT-PU-2019-1163-1 | 220340 | Fixed |
libvirt | p10 | 5.0.0-alt1 | 9.7.0-alt2.p10.2 | ALT-PU-2019-1163-1 | 220340 | Fixed |
libvirt | p9 | 5.0.0-alt1 | 7.3.0-alt0.p9.3 | ALT-PU-2019-1163-1 | 220340 | Fixed |
libvirt | p8 | 3.10.0-alt3 | 3.10.0-alt3 | ALT-PU-2019-2579-1 | 236664 | Fixed |
libvirt | c10f1 | 5.0.0-alt1 | 9.7.0-alt2.p10.2 | ALT-PU-2019-1163-1 | 220340 | Fixed |
libvirt | c9f2 | 5.0.0-alt1 | 7.3.0-alt0.p9.3 | ALT-PU-2019-1163-1 | 220340 | Fixed |
libvirt | p11 | 5.0.0-alt1 | 10.2.0-alt1 | ALT-PU-2019-1163-1 | 220340 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html |
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1663051 |
|
openSUSE-SU-2019:1288 |
|
openSUSE-SU-2019:1294 |
|
RHSA-2019:2294 | |
FEDORA-2019-b3bfc61567 |