Updated: 2023-11-04 20:23:14.874614
Description:
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | | 2022-08-29 05:02:10 |
CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 6.5 | MEDIUM | Released | CLSA-2022:1654537477 | 2022-06-06 14:38:29 |
CentOS 8.5 ELS | libvirt | 6.0.0-37 | 6.5 | MEDIUM | Released | CLSA-2022:1654537694 | 2022-06-06 14:38:29 |
CloudLinux 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | | 2022-08-29 05:02:11 |
Oracle Linux 6 ELS | libvirt | 0.10.2 | 6.5 | MEDIUM | Ignored | | 2022-08-29 05:02:11 |
Ubuntu 16.04 ELS | libvirt | 1.3.1-1 | 6.5 | MEDIUM | Ignored | | 2022-08-29 05:02:11 |
Ubuntu 18.04 ELS | libvirt | 4.0.0-1 | 6.5 | MEDIUM | Already Fixed | | 2023-06-02 09:09:40 |