First published: Thu Jan 10 2019(Updated: )
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Libvirt | <5.0.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =42.3 | |
redhat/libvirt | <5.0.0 | 5.0.0 |
<5.0.0 | ||
=15.0 | ||
=42.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3840 is a vulnerability discovered in libvirt, versions before 5.0.0, that allows an attacker in a guest VM to crash libvirtd and cause a denial of service.
CVE-2019-3840 affects libvirt by causing a NULL pointer dereference flaw in the way it gets interface information through the QEMU agent.
The severity level of CVE-2019-3840 is medium, with a severity value of 6.3.
To fix CVE-2019-3840, update libvirt to version 5.0.0 or later.
Yes, you can find references for CVE-2019-3840 at the following links: [1](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html), [2](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html), [3](https://access.redhat.com/errata/RHSA-2019:2294)