DescriptionA NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)bullseye7.0.0-3+deb11u2fixed
sid, trixie10.5.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsourcejessie(not affected)
libvirtsourcestretch(not affected)


[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
Introduced by:;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
Fixed by:;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)

Search for package or bug name: Reporting problems