#VU18154 NULL pointer dereference in libvirt - CVE-2019-3840

Cybersecurity Help s.r.o.

Published: 2019-04-09

Vulnerability identifier: #VU18154

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-3840

CWE-ID: CWE-476

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
libvirt
Universal components / Libraries / Libraries used by multiple products

Vendor: libvirt.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in libvirt in the way it processes interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service (DoS).

Mitigation
Update to version 5.0.0.

Vulnerable software versions

libvirt: 0.2.0 - 4.10.0

External links
https://libvirt.org/git/?p=libvirt.git&a=commitdiff&h=9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377
https://libvirt.org/git/?p=libvirt.git&a=patch&h=9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for libvirt

NULL pointer dereference in libvirt (Alpine package)

OpenSUSE Linux update for libvirt

Denial of service in libvirt