Comment 2 for bug 1441388

A CVE hasn't been assigned.

Presumably an attacker could manipulate the environment before an application's libnuma call to have the uninitialised pointer point to information in memory they'd like to extract, or cause a denial.

If an application that gained privileges (capabilities, setuid etc) uses libnuma, this may allow access to move privileged data.

That said, probably it would only be libvirt:

$ apt-cache rdepends libnuma1
libnuma1
Reverse Depends:
  libvirt0
  libvirt-bin
  libhwloc5
  libvirt0
  libvirt-bin
  libnuma1:i386
  libnuma1:i386
  crafty
  rt-tests
  procenv
  numactl
  libhwloc5
  libvirt0
  libvirt-bin
  libnuma-dev
  libnuma-dbg
  irqbalance