CVE-2020-12430
published 2020-04-28CVE-2020-12430: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 6.4.0-2 (bookworm) | libvirt 6.4.0-2 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | libvirt | >= 0 < 6.4.0-2 | 6.4.0-2 |
| redhat | libvirt | >= 0 < 6.4.0-2 | 6.4.0-2 |
| redhat | libvirt | >= 0 < 6.4.0-2 | 6.4.0-2 |
| redhat | libvirt | >= 0 < 6.4.0-2 | 6.4.0-2 |
| redhat | libvirt | >= 0 < 4.0.0-1ubuntu8.17 | 4.0.0-1ubuntu8.17 |
| redhat | libvirt | >= 4.10.0 < 6.1.0 | 6.1.0 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM