Описание
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Virtualization 4 | kubevirt | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2272951cnv: DoS through repeatedly calling vm-dump-metrics until virt handler crashes
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
почти 2 года назад
A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.
6.5 Medium
CVSS3