logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-3975

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.


Affected Software


CPE Name Name Version
redhat:libvirt redhat libvirt 7.1.0
canonical:ubuntu_linux canonical ubuntu linux 21.10
fedoraproject:fedora fedoraproject fedora 35
redhat:enterprise_linux redhat enterprise linux 8.0
redhat:enterprise_linux_for_power_little_endian redhat enterprise linux for power little endian 8.0
redhat:enterprise_linux_for_ibm_z_systems redhat enterprise linux for ibm z systems 8.0
redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions redhat enterprise linux server for power little endian update services for sap solutions 8.6
redhat:enterprise_linux_for_ibm_z_systems_eus redhat enterprise linux for ibm z systems eus 8.6
redhat:enterprise_linux_server_tus redhat enterprise linux server tus 8.6
redhat:enterprise_linux_eus redhat enterprise linux eus 8.6
redhat:enterprise_linux_for_power_little_endian_eus redhat enterprise linux for power little endian eus 8.6
redhat:codeready_linux_builder redhat codeready linux builder -
debian:debian_linux debian debian linux 10.0
debian:debian_linux debian debian linux 11.0

Related