logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-3975

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.


Affected Package


OS OS Version Package Name Package Version
Debian 12 libvirt 9.0.0-1
Debian 11 libvirt 7.0.0-3
Debian 10 libvirt 5.0.0-4+deb10u1
Debian 999 libvirt 9.0.0-1

Related