Advisory ROSA-SA-2024-2430

2024-06-03 09:00:04
ROSA LAB
abf.rosalinux.ru
Tags: libvirt, rosa virtualization, selinux, use-after-free, denial-of-service, virtual machine, sensitive information, remote access, vulnerability, security document

CVSS2: 3.3 Low
  Attack Vector:          LOCAL
  Attack Complexity:      MEDIUM
  Authentication:         NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       PARTIAL
  Availability Impact:    NONE
  Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.5 Medium
  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Privileges Required:    LOW
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact:       NONE
  Availability Impact:    HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 50.9%)

Software: libvirt 6.0.0
OS: ROSA Virtualization 2.1

package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm

CVE-ID: CVE-2021-3631
BDU-ID: 2024-02428
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux MCS category pairs for dynamic virtual machine labels. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-3975
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A use-after-free vulnerability has been discovered in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without adequate protection by monitor locking. This flaw can be caused by the virConnectGetAllDomainStats API when the guest is terminated. An unprivileged client with a read-only connection could exploit this vulnerability to perform a denial-of-service attack, causing the libvirt daemon to crash.
CVE-STATUS: Not Relevant
CVE-REV:

Affected packages:

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        libvirt  < 6.0.0  UNKNOWN
