SB2020051287 - Memory leak in libvirt (Alpine package)
Published: May 12, 2020
Security Bulletin ID
SB2020051287
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2020-12430)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the domstats command, resulting in a potential denial of service due to an error in the qemuDomainGetStatsIOThread() in qemu/qemu_driver.c in libvirt. A remote attacker can perform a denial of service attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0a50437d8b8d5a583b96d5807d95e6b549772ba3
- https://git.alpinelinux.org/aports/commit/?id=4880d17ef64049d585e4071b734d70a3ca8efbf4
- https://git.alpinelinux.org/aports/commit/?id=af2087cf4b041e1ebb9d13c59e2ef7faabe5941a
- https://git.alpinelinux.org/aports/commit/?id=57cb6585ba678d10c85a9ff2a577a280f58922ed
- https://git.alpinelinux.org/aports/commit/?id=f2e830c2b116215685cdbc1aa8b511ea6645a964