Libvirt Security Notice Index > 2019 > LSN-2019-0002 [xml] [text]

Libvirt Security Notice: LSN-2019-0002

Crash after running guest agent command to fetch interfaces

Lifecycle

Reported on:	20190102
Published on:	20190104
Fixed on:	20190104

Credits

Reported by:	Gordon Watson
Patched by:	Ján Tomko

Description

If the guest agent does not reply to the command for listing interfaces, libvirt will reference a NULL pointer trying to parse a reply that doesn't exist

Impact

A malicious QEMU guest agent can trigger a crash in the libvirtd daemon when the host admin queries guest interfaces

Workaround

Avoid quering the guest network interfaces, or disable use of the QEMU guest agent in trusted guests

Affected product: libvirt

Branch: master

Broken in:: v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.20
v1.2.21
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0
v3.10.0
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v4.6.0
v4.7.0
v4.8.0
v4.9.0
v4.10.0
Fixed in:: v5.0.0
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:: 7cfd1fbb1332ae5df678b9f41a62156cb2e88c73

Branch: v1.2.14-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.15-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.16-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.17-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.18-maint

Broken in:: v1.2.18.1
v1.2.18.2
v1.2.18.3
v1.2.18.4
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.19-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.20-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.2.21-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.0-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.1-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.2-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.3-maint

Broken in:: v1.3.3.1
v1.3.3.2
v1.3.3.3
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.4-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v1.3.5-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v2.0-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v2.1-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v2.2-maint

Broken in:: v2.2.1
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v3.0-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v3.2-maint

Broken in:: v3.2.1
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v3.7-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v4.1-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Branch: v4.5-maint

Broken in:
Fixed in:
Broken by:: 0977b8aa071de550e1a013d35e2c72615e65d520
Fixed by:

Alternative formats: [xml] [text]