A NULL pointer deference flaw was found in the way libvirt handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.
A NULL pointer dereference vulnerability was found in virStorageSourceUpdateBlockPhysicalSize when attempted to call on empty drives. Unprivileged local user can trigger this bug to crash libvirtd.
Name: Yanqiu Zhang (Red Hat)
Could you provide the rationale behind the verdict of "NOTABUG", given there's a CVE assigned and an upstream patch exists?
This issue does not affect libvirt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as it does not contain the affected code.