CVE-2019-20485
MEDIUM
libvirt < 6.0.0 - Denial of Service via Guest Agent Query Monitor Job
Title source: llm
Description
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
References (6)
Core References
Various Sources x_refsource_confirm
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc
Mailing List x_refsource_misc
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1809740
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2019-20485
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
Scores
CVSS v3: 5.7
EPSS: 0.0019
EPSS Percentile: 40.7%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-20
Status: published
Products (5)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 31
redhat/libvirt < 6.0.0
Published: Mar 19, 2020
Tracked Since: Feb 18, 2026