CVE-2021-3559

Updated: 2024-11-22 01:15:24.669323

Description:

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS libvirt 0.10.2 6.5 MEDIUM Ignored 2022-04-26 15:46:46
CloudLinux 6 ELS libvirt 0.10.2 6.5 MEDIUM Ignored 2022-04-26 15:46:46
Oracle Linux 6 ELS libvirt 0.10.2 6.5 MEDIUM Ignored 2022-04-26 15:46:46