A libvirt flaw affecting the domstats command was reported internally. This bug may allow a user on a read-only connection to cause a memory leak in domstats, resulting in a potential denial of service.
The affected function qemuDomainGetStatsIOThread() in qemu_driver.c is called by the libvirt API virDomainListGetStats when managing QEMU guests. A NULL-terminated list is returned even when no iothreads are present. As neither qemuDomainGetStatsIOThread() nor the caller did perform any cleanup, the list was returned without being properly free'd, thus resulting in a memory leak. The patch adds a `goto cleanup` statement in case there are no iothreads, to make sure the NULL-terminated list is free'd appropriately.
Function qemuDomainGetStatsIOThread() was introduced in libvirt upstream version 4.10.0 via commit:
$ git tag --contains d1eac9278
Whilst libvirt API virDomainListGetStats was introduced in version 1.2.10 via commit:
Versions of `libvirt` as shipped with Red Hat Enterprise Linux are marked as "notaffected" because they do not include the vulnerable code, which was introduced in a later version of the package. Specifically, the affected function `qemuDomainGetStatsIOThread()` was introduced in `libvirt` upstream version 4.10.0.
RHEL Advanced Virtualization is affected by this flaw as it ships a more recent version of the package.