A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
https://access.redhat.com/errata/RHSA-2019:2294
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html