Libvirt · Libvirt-Python · CVE-2014-3657
**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 1.2.9
libvirt-client version 0.10.2
libvirt-devel version 0.10.2
libvirt-debuginfo version 0.10.2
libvirt-python version 0.10.2
**Description**
The issue affects the confidentiality, integrity, and availability of protected information. The flaw is in the `virDomainListPopulate` function in `conf/domain_conf.c`, which does not clean up the lock on the list of domains. This allows remote attackers to cause a denial of service (deadlock) by passing a NULL value as the second parameter of the `virConnectListAllDomains` API command.
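The lock-handling pattern behind this kind of deadlock, shown as an added example that is not libvirt's code: a simplified C model in which `dom_list`, `list_populate_flawed`, `list_populate_fixed` and `lock_leaked` are hypothetical names, and the early return on the NULL path is an assumed shape of the flaw.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-in for a lock-protected domain list (not libvirt's types). */
struct dom_list {
    pthread_mutex_t lock;
    int ndomains;
};
/* Flawed shape (assumed): the NULL "count only" path returns with the lock held. */
static int list_populate_flawed(struct dom_list *l, int *out)
{
    pthread_mutex_lock(&l->lock);
    if (out == NULL)
        return l->ndomains;          /* BUG: no unlock on this path */
    for (int i = 0; i < l->ndomains; i++)
        out[i] = i;                  /* constructed ids */
    pthread_mutex_unlock(&l->lock);
    return l->ndomains;
}
/* Corrected shape: every exit passes through one cleanup label that unlocks. */
static int list_populate_fixed(struct dom_list *l, int *out)
{
    pthread_mutex_lock(&l->lock);
    int ret = l->ndomains;
    if (out == NULL)
        goto cleanup;
    for (int i = 0; i < ret; i++)
        out[i] = i;
cleanup:
    pthread_mutex_unlock(&l->lock);
    return ret;
}
/* Returns 1 if the list lock was left held, so the next caller would block. */
static int lock_leaked(struct dom_list *l)
{
    if (pthread_mutex_trylock(&l->lock) == EBUSY)
        return 1;
    pthread_mutex_unlock(&l->lock);
    return 0;
}

int main(void)
{
    struct dom_list a = { PTHREAD_MUTEX_INITIALIZER, 3 };
    struct dom_list b = { PTHREAD_MUTEX_INITIALIZER, 3 };
    list_populate_flawed(&a, NULL);
    list_populate_fixed(&b, NULL);
    return !(lock_leaked(&a) == 1 && lock_leaked(&b) == 0);
}
```

Build with `cc -pthread`; the program exits 0 when the flawed variant leaves the lock held and the corrected variant does not.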
**Recommendations**
For libvirt versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.
For libvirt-client version 0.10.2, consider disabling the `virConnectListAllDomains` API command until a patch is available.
For libvirt-devel version 0.10.2, restrict access to the `conf/domain_conf.c` module to minimize the risk of exploitation.
For libvirt-debuginfo version 0.10.2, avoid using the `virDomainListPopulate` function until the issue is resolved.
For libvirt-python version 0.10.2, consider disabling the `virConnectListAllDomains` API command until a patch is available.