CVE-2019-20485

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
redhatlibvirt
𝑥
< 6.0.0
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
buster
no-dsa
jessie
not-affected
sid
10.9.0-1
fixed
stretch
no-dsa
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
bionic
not-affected
eoan
ignored
focal
not-affected
trusty
not-affected
xenial
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libvirt
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-admin
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-bash-completion
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-client
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-config-network
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-config-nwfilter
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-interface
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-lxc
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-network
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-nodedev
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-nwfilter
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-qemu
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-secret
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-core
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-disk
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-gluster
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-iscsi
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-logical
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-mpath
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-rbd
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-driver-storage-scsi
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-kvm
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-daemon-lxc
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-devel
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-docs
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-libs
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-lock-sanlock
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-login-shell
RHEL 7
0:4.5.0-36.el7
fixed
libvirt-nss
RHEL 7
0:4.5.0-36.el7
fixed
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078
https://bugzilla.redhat.com/show_bug.cgi?id=1809740
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
https://security-tracker.debian.org/tracker/CVE-2019-20485
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078
https://bugzilla.redhat.com/show_bug.cgi?id=1809740
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
https://security-tracker.debian.org/tracker/CVE-2019-20485
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html