CVE-2013-4154

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 1.1.1

Description The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved through vectors related to agent-based CPU (un)plug, as demonstrated by the command virsh vcpucount foobar --guest.

Recommendations For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the qemuAgentCommand function until a patch is available.