
CVE-2021-3975

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Bugs

* <https://bugzilla.redhat.com/show_bug.cgi?id=2024326>


Affected Package


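| OS | OS Version | Package Name | Package Version |
|--------|----------|---------|-------------------|
| ubuntu | 20.04 | libvirt | 6.0.0-0ubuntu8.16 |
| ubuntu | 22.04 | libvirt | 7.6.0-0ubuntu3 |
| ubuntu | upstream | libvirt | 7.6.0-0ubuntu3 |
| ubuntu | 14.04 | libvirt | any |
| ubuntu | upstream | libvirt | 7.6.0-1 |
| ubuntu | 16.04 | libvirt | any |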
