CVE-2021-3975

CWE-416: Use After Free (9 documents, 8 sources)
Severity: 6.5 MEDIUM
EPSS: 0.5% (top 33.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 23
Latest update: Aug 24

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: redhat/libvirt < 7.1.0
Debian: libvirt < 7.0.0-3+deb11u3+3
CVEListV5: libvirt, fixed in libvirt v7.1.0

Also affects: Debian Linux 10.0, 11.0, Fedora 35, Ubuntu Linux 21.10, Enterprise Linux 8.0, 8.6

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-pg89-46xq-98vv: A use-after-free flaw was found in libvirt (2022-08-24)
OSV: CVE-2021-3975: A use-after-free flaw was found in libvirt (2022-08-23)
CVEList: CVE-2021-3975: A use-after-free flaw was found in libvirt (2022-08-23)
OSV: libvirt vulnerabilities (2022-05-02)

📋 Vendor Advisories (4)

Microsoft: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. T (2022-08-09)
Ubuntu: libvirt vulnerabilities (2022-05-02)
Red Hat: libvirt: segmentation fault during VM shutdown can lead to vdsm hang (2021-11-17)
Debian: CVE-2021-3975: libvirt - A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function... (2021)