First published: Thu Mar 01 2018(Updated: )
An incomplete fix for <a href="https://access.redhat.com/security/cve/CVE-2018-5748">CVE-2018-5748</a> that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent. Upstream patch: <a href="https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513">https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513</a>
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Redhat Libvirt | <=4.1.0 | |
redhat/libvirt | <4.2.0 | 4.2.0 |
debian/libvirt | 7.0.0-3+deb11u3 9.0.0-4+deb12u2 10.10.0-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1064 is a vulnerability in libvirt version before 4.2.0-rc1 that can result in resource exhaustion due to an incomplete fix for CVE-2018-5748.
CVE-2018-1064 has a low severity rating.
CVE-2018-1064 affects libvirt versions before 4.2.0-rc1 and can be triggered via the QEMU guest agent.
To avoid CVE-2018-1064, it is recommended to use libvirt version 4.2.0-rc1 or later.
You can find more information about CVE-2018-1064 at the following references: [1] [2] [3].