Your submission was sent successfully! Close

CVE-2020-12430

Published: 28 April 2020

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
eoan
Released (5.4.0-0ubuntu5.4)
focal
Released (6.0.0-0ubuntu6)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)