It has been found that sending an RPC message with an event as the RPC number, or an RPC number that falls into a gap in the RPC dispatch table, can lead to libvirtd accessing memory at page zero. A remote attacker could use this flaw to crash libvirtd (DoS).
Proposed upstream fix:
The versions of libvirt as shipped with Red Hat Enterprise Linux 5 are not affected.
This issue did affect the versions of the libvirt package as shipped with Red Hat Enterprise Linux 6.
Created libvirt tracking bugs for this issue
Affects: fedora-all [bug 857135]
This issue was discovered by Wenlong Huang of the Red Hat Virtualization QE Team.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1359 https://rhn.redhat.com/errata/RHSA-2012-1359.html
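
The failure mode described at the top of this page, shown as an added example that is neither libvirt's code nor the upstream fix: a dispatch lookup that rejects a procedure number that is out of range, falls into a gap, or names an event with no handler. All names (`rpc_proc`, `rpc_get_proc`, `rpc_dispatch`) and the table contents are hypothetical.

```c
#include <stddef.h>

/* Hypothetical dispatch table (not libvirt's): slot index == RPC number. */
typedef int (*rpc_handler)(const void *args, void *ret);

struct rpc_proc {
    rpc_handler func;   /* NULL for events and for unused (gap) numbers */
    size_t arg_len;     /* expected argument size, unused in this sketch */
};

static int do_open(const void *args, void *ret)  { (void)args; (void)ret; return 0; }
static int do_close(const void *args, void *ret) { (void)args; (void)ret; return 0; }

/* Constructed sample table: slots 0 and 4 are gaps, slot 3 is an event. */
static const struct rpc_proc procs[] = {
    [1] = { do_open, 8 },
    [2] = { do_close, 0 },
    [3] = { NULL, 0 },   /* event: sent server-to-client, has no handler */
    /* 4 is a gap: designated initializers leave it zero-filled */
    [5] = { do_close, 0 },
};
#define NPROCS (sizeof(procs) / sizeof(procs[0]))

enum { RPC_OK = 0, RPC_ERR_UNKNOWN_PROC = -1 };

/* Return the entry only if the number is in range AND has a handler. */
static const struct rpc_proc *rpc_get_proc(unsigned int procnum)
{
    if (procnum >= NPROCS)
        return NULL;                 /* beyond the end of the table */
    if (procs[procnum].func == NULL)
        return NULL;                 /* gap or event entry */
    return &procs[procnum];
}

/* Dispatch a client-supplied procedure number. A failed lookup is
 * reported as an error; the NULL entry is never dereferenced or called. */
int rpc_dispatch(unsigned int procnum, const void *args, void *ret)
{
    const struct rpc_proc *proc = rpc_get_proc(procnum);
    if (proc == NULL)
        return RPC_ERR_UNKNOWN_PROC;
    return proc->func(args, ret);
}
```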