CVE-2019-3840

Published: 27 February 2019

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

Priority

Medium

CVSS 3 base score: 6.3

Status

Package: libvirt

Release                            Status
Upstream                           Released (5.0.0-1)
Ubuntu 18.04 LTS (Bionic Beaver)   Released (4.0.0-1ubuntu8.8)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (1.3.1-1ubuntu10.25)
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable (code not present)

Patches:
Upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73