CVE-2020-12430

CWE-401Memory Leak10 documents8 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat LibvirtRedhat Enterprise Linux
Timeline
PublishedApr 28
Latest updateMay 24

Description

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDredhat/libvirt4.10.06.1.0
Debianlibvirt< 6.4.0-2+3

Also affects: Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
GHSA
GHSA-mm94-82mx-j73h: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver2022-05-24
OSV
libvirt vulnerabilities2020-05-21
OSV
CVE-2020-12430: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver2020-04-28
CVEList
CVE-2020-12430: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver2020-04-28

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities2020-05-21
Red Hat
libvirt: memory leak in domstats may allow read-only user to perform DoS attack2020-02-19
Debian
CVE-2020-12430: libvirt - An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in l...2020

💬Community

2
Bugzilla
CVE-2020-12430 libvirt: memory leak in domstats may allow read-only user to perform DoS attack2020-04-27
Bugzilla
CVE-2020-12430 libvirt: memory leak in domstats may allow read-only user to perform DoS attack [fedora-all]2020-04-27
CVE-2020-12430 (MEDIUM CVSS 6.5) | An issue was discovered in qemuDoma | cvebase.io