CVE-2021-4147

CWE-667 CWE-10268 documents7 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 76.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Fedoraproject Fedora

Timeline

PublishedMar 25

Latest updateNov 28

Description

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶NVDredhat/libvirt< 2.33.0

▶Debianlibvirt< 7.0.0-3+deb11u3+3

▶CVEListV5libvirtlibvirt 2.33.0

Also affects: Fedora 35

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh52-g3xv-6xxc: A flaw was found in the libvirt libxl driver↗2022-03-26

▶

CVEList

CVE-2021-4147: A flaw was found in the libvirt libxl driver↗2022-03-25

▶

OSV

CVE-2021-4147: A flaw was found in the libvirt libxl driver↗2022-03-25

▶

📋Vendor Advisories

Red Hat

quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus↗2022-11-28

▶

Ubuntu

libvirt vulnerabilities↗2022-05-02

▶

Red Hat

libvirt: deadlock and crash in libxl driver↗2021-11-29

▶

Debian

CVE-2021-4147: libvirt - A flaw was found in the libvirt libxl driver. A malicious guest could continuous...↗2021

▶