
Han Han

#40834 of 53,624
6.5 Total CVSS
Vulnerabilities · 1
PT-2016-1796
6.5
2015-10-23
Libvirt · Libvirt · CVE-2015-5247
**Name of the Vulnerable Software and Affected Versions**

libvirt versions 1.2.14 through 1.2.19

**Description**

The issue is related to insufficient access control in the virStorageVolCreateXML API of the libvirt library, which manages virtualization. A remote attacker can exploit this to cause a denial of service, crashing libvirtd, by triggering a failed unlink after creating a volume on a root squash NFS pool.

**Recommendations**

For libvirt versions 1.2.14 through 1.2.19, consider restricting access to the virStorageVolCreateXML API to prevent remote authenticated users from exploiting the issue. As a temporary workaround, avoid using the virStorageVolCreateXML API to create volumes on root squash NFS pools until a patch is available.