A libvirt flaw affecting the domstats command was reported internally. This bug may allow a user on a read-only connection to cause a memory leak in domstats, resulting in a potential denial of service.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1804548

Upstream fix: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
The affected function qemuDomainGetStatsIOThread() in qemu_driver.c is called by the libvirt API virDomainListGetStats when managing QEMU guests. A NULL-terminated list is returned even when no iothreads are present. As neither qemuDomainGetStatsIOThread() nor the caller performed any cleanup, the list was returned without being properly freed, thus resulting in a memory leak. The patch adds a `goto cleanup` statement in case there are no iothreads, to make sure the NULL-terminated list is freed appropriately.
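The leak pattern described in the comment above, as a simplified model added here for illustration (not libvirt's code and not part of the original report): the names `query_iothreads`, `stats_iothread`, `leaked_after` and `live_allocs` are hypothetical, and an allocation counter stands in for a leak checker.

```c
#include <stdlib.h>

/* Added model; all names are hypothetical, not libvirt's. */
static long live_allocs;              /* allocations not yet freed */
static void *xcalloc(size_t n, size_t sz)
{
    void *p = calloc(n, sz);
    if (!p) abort();                  /* keep the model short: no OOM paths */
    live_allocs++;
    return p;
}
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
typedef struct { unsigned id; } iothread_info;

/* Always yields a NULL-terminated array, even for zero iothreads. */
static int query_iothreads(int n, iothread_info ***out)
{
    iothread_info **list = xcalloc((size_t)n + 1, sizeof(*list));
    for (int i = 0; i < n; i++) {
        list[i] = xcalloc(1, sizeof(**list));
        list[i]->id = (unsigned)i + 1;
    }
    *out = list;
    return n;
}

/* fixed == 0 models the early return, fixed != 0 the `goto cleanup`. */
static int stats_iothread(int n, int fixed)
{
    iothread_info **list = NULL;
    int count = query_iothreads(n, &list);
    if (count == 0) {
        if (!fixed) return 0;         /* leak: list is never freed */
        goto cleanup;
    }
    /* per-iothread statistics would be reported here */
 cleanup:
    for (int i = 0; i < count; i++) xfree(list[i]);
    xfree(list);
    return 0;
}

/* Allocations still live after `calls` requests for a guest with n iothreads. */
long leaked_after(int calls, int n, int fixed)
{
    live_allocs = 0;
    while (calls-- > 0) stats_iothread(n, fixed);
    return live_allocs;
}
```

In this model the unfreed allocation is the terminator-only array, so the count grows by one per request and only for a guest with no iothreads; guests with iothreads reach the cleanup label either way.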
Function qemuDomainGetStatsIOThread() was introduced in libvirt upstream version 4.10.0 via commit:
-> https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3

$ git tag --contains d1eac9278
v4.10.0
v4.10.0-rc1
v4.10.0-rc2
v5.0.0
[...]

Whilst libvirt API virDomainListGetStats was introduced in version 1.2.10 via commit:
-> https://libvirt.org/git/?p=libvirt.git;a=commit;h=76a5bc4eef9f60ef73f5e0b272f4e0a5270e31de
Statement: Versions of `libvirt` as shipped with Red Hat Enterprise Linux are marked as "notaffected" because they do not include the vulnerable code, which was introduced in a later version of the package. Specifically, the affected function `qemuDomainGetStatsIOThread()` was introduced in `libvirt` upstream version 4.10.0. RHEL Advanced Virtualization is affected by this flaw as it ships a more recent version of the package.