CVE-2021-3975

Published: 24 November 2021

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	bionic	Released (4.0.0-1ubuntu8.21)
	focal	Released (6.0.0-0ubuntu8.16)
	hirsute	Ignored (reached end-of-life)
	impish	Not vulnerable (7.6.0-0ubuntu1)
	jammy	Released (7.6.0-0ubuntu3)
	kinetic	Released (7.6.0-0ubuntu3)
	trusty	Needs triage
	upstream	Released (7.6.0-1)
	xenial	Needs triage
	Patches: upstream: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=2024326

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security