CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
85.1%
Double free vulnerability in the qemuAgentGetVCPUs function in
qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to
cause a denial of service (daemon crash) via a cpu count request, as
demonstrated by the “virsh vcpucount dom --guest” command.
Author | Note |
---|---|
mdeslaur | Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3099c063e348fdc79a900f88bcfc5389dada7786 which is in 1.1.0 |