Wind River Support Network

Fixed

LIN1021-2072 : Security Advisory - libvirt - CVE-2021-3975

Created: Nov 22, 2021    Updated: Aug 24, 2022
Resolved Date: Mar 14, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.11
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF() is called from multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial-of-service attack by causing the libvirt daemon to crash.

https://nvd.nist.gov/vuln/detail/CVE-2021-3975
