A NULL pointer dereference vulnerability was found in virStorageSourceUpdateBlockPhysicalSize when it is called on empty drives. An unprivileged local user can trigger this bug to crash libvirtd.

Upstream patch: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875

Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390
Acknowledgments: Name: Yanqiu Zhang (Red Hat)
Could you provide the rationale behind the verdict of "NOTABUG", given there's a CVE assigned and an upstream patch exists?
Statement: This issue does not affect libvirt as shipped with Red Hat Enterprise Linux 5, 6 and 7 as it does not contain the affected code.