Red Hat Customer Portal

Skip to main content

CVE-2013-4154

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of libvirt as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Public Date

2013-07-16 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4154 libvirt: crash of libvirtd without guest agent configuration

Bugzilla ID

986 386

CVSS Status

draft

Base Score

3.30

Base Metrics

AV:A/AC:L/Au:N/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Alex Jia of Red Hat.

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 libvirt Not affected
Red Hat Enterprise Linux 5 libvirt Not affected