An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libvirt-wireshark-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-rbd": "6.0.0-0ubuntu6", "libvirt-doc": "6.0.0-0ubuntu6", "libvirt-daemon-system-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-lxc-dbgsym": "6.0.0-0ubuntu6", "libvirt0": "6.0.0-0ubuntu6", "libvirt-daemon-driver-xen-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-system": "6.0.0-0ubuntu6", "libvirt-daemon-system-sysv": "6.0.0-0ubuntu6", "libvirt-daemon-driver-xen": "6.0.0-0ubuntu6", "libnss-libvirt-dbgsym": "6.0.0-0ubuntu6", "libvirt-sanlock-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-gluster": "6.0.0-0ubuntu6", "libvirt-wireshark": "6.0.0-0ubuntu6", "libvirt-daemon-driver-qemu": "6.0.0-0ubuntu6", "libnss-libvirt": "6.0.0-0ubuntu6", "libvirt-daemon": "6.0.0-0ubuntu6", "libvirt-daemon-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-gluster-dbgsym": "6.0.0-0ubuntu6", "libvirt0-dbgsym": "6.0.0-0ubuntu6", "libvirt-clients-dbgsym": "6.0.0-0ubuntu6", "libvirt-sanlock": "6.0.0-0ubuntu6", "libvirt-daemon-system-systemd": "6.0.0-0ubuntu6", "libvirt-dev": "6.0.0-0ubuntu6", "libvirt-daemon-driver-qemu-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-rbd-dbgsym": "6.0.0-0ubuntu6", "libvirt-clients": "6.0.0-0ubuntu6", "libvirt-daemon-driver-vbox-dbgsym": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-zfs": "6.0.0-0ubuntu6", "libvirt-daemon-driver-vbox": "6.0.0-0ubuntu6", "libvirt-daemon-driver-lxc": "6.0.0-0ubuntu6", "libvirt-daemon-driver-storage-zfs-dbgsym": "6.0.0-0ubuntu6" } ] }