A flaw was found in the way the libvirtd daemon issued the "suspend" command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the "suspend" command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service. A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service