CVE-2013-4154 Information

Description

The qemuAgentCommand function in libvirt before 1.1.1 when a guest agent is not configured allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to \agent based cpu (un)plug\ as demonstrated by the \virsh vcpucount foobar –guest\ command.

Reference

http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=96518d4316b711c72205117f8d5c967d5127bbb6 http://libvirt.org/news.html http://openwall.com/lists/oss-security/2013/07/19/12 https://bugzilla.redhat.com/show_bug.cgi?id=984821 https://bugzilla.redhat.com/show_bug.cgi?id=986386