Updated: 2024-11-22 01:15:24.669323
Description:
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4 |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | 2022-04-26 15:46:46 | ||
CloudLinux 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | 2022-04-26 15:46:46 | ||
Oracle Linux 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | 2022-04-26 15:46:46 |