The virsh nodedev-list command may cause libvirt to crash on hosts with GRID driver installed. The flaw exists in the virConnectListAllNodeDevices API. This issue could be used by an unprivileged user with a read-only connection to perform a denial of service attack by leveraging the virConnectListAllNodeDevices API via nodedev-list.
Fixed upstream in libvirt-v7.0.0:
More precisely, the bug is due to incorrect operator precedence when dereferencing an array pointer in virNodeDeviceGetMdevTypesCaps() in src/conf/node_device_conf.c. It can be triggered by an unprivileged client executing the nodedev-list command on a host that has a PCI device and driver that supports mediated devices.
This flaw was introduced in libvirt version 6.10.0 via commit:
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
*** Bug 1962605 has been marked as a duplicate of this bug. ***