A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics –virtio and then deleting the virtual machine.
The product dereferences a pointer that it expects to be valid but is NULL.