Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2021-4147

Published: 25 March 2022

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
bionic
Released (4.0.0-1ubuntu8.21)
focal
Released (6.0.0-0ubuntu8.16)
hirsute Ignored
(end of life)
impish
Released (7.6.0-0ubuntu1.2)
trusty Needs triage

upstream
Released (7.10.0-2)
xenial Needs triage

jammy Not vulnerable
(8.0.0-1ubuntu7)
kinetic Not vulnerable
(8.0.0-1ubuntu7)
lunar Not vulnerable
(8.0.0-1ubuntu7)
mantic Not vulnerable
(8.0.0-1ubuntu7)
Patches:
upstream: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
upstream: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
upstream: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
upstream: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
upstream: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
upstream: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H