Vulnerability CVE-2019-3840: Information

Description

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

Severity: MEDIUM (6.3) Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-3840
Published: March 27, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libvirtsisyphus5.0.0-alt110.2.0-alt1ALT-PU-2019-1163-1220340Fixed
libvirtp105.0.0-alt19.7.0-alt2.p10.2ALT-PU-2019-1163-1220340Fixed
libvirtp95.0.0-alt17.3.0-alt0.p9.3ALT-PU-2019-1163-1220340Fixed
libvirtp83.10.0-alt33.10.0-alt3ALT-PU-2019-2579-1236664Fixed
libvirtc10f15.0.0-alt19.7.0-alt2.p10.2ALT-PU-2019-1163-1220340Fixed
libvirtc9f25.0.0-alt17.3.0-alt0.p9.3ALT-PU-2019-1163-1220340Fixed
libvirtp115.0.0-alt110.2.0-alt1ALT-PU-2019-1163-1220340Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
  • Exploit
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
  • Exploit
  • Issue Tracking
  • Patch
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1663051
  • Exploit
  • Issue Tracking
  • Third Party Advisory
  • Vendor Advisory
openSUSE-SU-2019:1288
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:1294
  • Mailing List
  • Third Party Advisory
RHSA-2019:2294
    FEDORA-2019-b3bfc61567

        1. Configuration 1

          cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
          End excliding
          5.0.0

          Configuration 2

          cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
          cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top