5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
14.5%
Libvirt is vulnerable to NULL pointer dereference. The vulnerability is caused by a race condition due to the simultaneous detachment of a host interface while collecting the list of interfaces using the virConnectListAllInterfaces
API. This race condition leads to a situation where the path variable can become NULL while still being accessed, resulting in Denial of Service (DoS).
CPE | Name | Operator | Version |
---|---|---|---|
libvirt.so | le | 0.9008.0.debug | |
libvirt.so | le | 0.9008.0.debug |
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
High
1.5 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
14.5%