CVE-2023-3750 — Improper Locking in Redhat Enterprise Linux

CWE-667 — Improper Locking CWE-416 — Use After Free9 documents8 sources

Severity

5.3MEDIUMNVD

CNA6.5

EPSS

0.1%

top 69.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Redhat Enterprise Linux

Timeline

PublishedJul 24

Latest updateJul 26

Description

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

▶Debianredhat/libvirt< 9.0.0-4+deb12u1+2

Also affects: Enterprise Linux 9.0

🔴Vulnerability Details

CVEList

Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service↗2023-07-24

▶

GHSA

GHSA-35p2-9fg3-f2p2: A flaw was found in libvirt↗2023-07-24

▶

OSV

CVE-2023-3750: A flaw was found in libvirt↗2023-07-24

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerability↗2023-07-26

▶

Red Hat

libvirt: improper locking in virStoragePoolObjListSearch may lead to denial of service↗2023-07-18

▶

Microsoft

Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service↗2023-07-11

▶

Red Hat

QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750)↗2023-05-12

▶

Debian

CVE-2023-3750: libvirt - A flaw was found in libvirt. The virStoragePoolObjListSearch function does not r...↗2023

▶