Vulnerabilities > CVE-2021-3975

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Vulnerable Configurations

Part Description Count
Application
Redhat
464
Application
Netapp
1
OS
Canonical
1
OS
Fedoraproject
1
OS
Redhat
8
OS
Debian
2