Description
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. The flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
Statement
Versions of libvirt as shipped with Red Hat Enterprise Linux 5 and 6 are marked as "notaffected" as they do not include the vulnerable code, which was introduced in a later version of the package. Specifically, the affected internal function storagePoolLookupByTargetPathCallback was introduced in libvirt upstream version v3.10.0, whereas the virStoragePoolLookupByTargetPath method was exported as a public API in version 4.1.0.
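The bug class described above, as an added C illustration that is not libvirt's code: a lookup-by-target-path callback that assumes every pool has a target path, next to a NULL-safe version. The `struct pool` layout, the function names and the sample pools are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (assumption): a pool record whose target path is
 * optional. Network-backed pools (gluster, RBD) leave it NULL. */
struct pool {
    const char *name;
    const char *target_path;   /* NULL when the pool has no target path */
};

/* Constructed sample data, not taken from any real host. */
static const struct pool sample_pools[] = {
    { "local-dir",  "/var/lib/images" },
    { "rbd-pool",   NULL },
    { "gluster-01", NULL },
    { "backup-dir", "/srv/backup" },
};
#define N_POOLS (sizeof(sample_pools) / sizeof(sample_pools[0]))

/* Flawed pattern: assumes every pool has a target path. Passing a NULL
 * target_path to strcmp() is undefined behaviour and in practice takes
 * down the whole process. Shown for contrast only; never called here. */
int match_unchecked(const struct pool *p, const char *path)
{
    return strcmp(p->target_path, path) == 0;
}

/* Hardened pattern: a pool without a target path can never match. */
int match_checked(const struct pool *p, const char *path)
{
    if (p == NULL || path == NULL || p->target_path == NULL)
        return 0;
    return strcmp(p->target_path, path) == 0;
}

/* Returns the name of the pool whose target path equals `path`, or NULL
 * when no pool matches. Walks every pool, including path-less ones. */
const char *lookup_by_target_path(const char *path)
{
    for (size_t i = 0; i < N_POOLS; i++)
        if (match_checked(&sample_pools[i], path))
            return sample_pools[i].name;
    return NULL;
}
```

Because the lookup iterates over every defined pool, a single pool without a target path is enough to reach the unchecked comparison, whatever path the caller asks for.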
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libvirt | Not affected | | |
| Red Hat Enterprise Linux 6 | libvirt | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.1/libvirt | Affected | | |
| Red Hat Enterprise Linux 7 | libvirt | Fixed | RHSA-2020:4000 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2020:4676 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2020:4676 | 04.11.2020 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium