CVE-2019-20485

Name: CVE-2019-20485
Creator: NVD / NIST
Published: 2020-03-19T02:15:10.88+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.7/10EPSS 0.81%

Last modified Jun 17, 2026

CVE-2019-20485 is a medium-severity vulnerability rated 5.7/10 on the CVSS scale. qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).. EPSS estimates a 0.81% chance of exploitation in the next 30 days.

Description

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Metrics

CVSS 3.1

5.7/10

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.81%

52.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Redhat	Libvirt	< 6.0.0
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Debian	Debian Linux	10.0
Fedoraproject	Fedora	31

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1809740Issue Tracking, Vendor Advisory
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
https://security-tracker.debian.org/tracker/CVE-2019-20485Third Party Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1809740Issue Tracking, Vendor Advisory
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/
https://security-tracker.debian.org/tracker/CVE-2019-20485Third Party Advisory
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html

Timeline

Published: Mar 19, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-20485?

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

How severe is CVE-2019-20485?

CVE-2019-20485 has a CVSS score of 5.7/10 (MEDIUM severity). The EPSS model estimates a 0.81% probability of exploitation in the next 30 days.

How do I fix CVE-2019-20485?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-20485?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST