CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8235 – Libvirt: crash of virtinterfaced via virconnectlistinterfaces()
https://notcve.org/view.php?id=CVE-2024-8235
30 Aug 2024 — A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon. An update for libvirt is now available for Red Hat Enterprise Linux 9. • https://access.redhat.com/security/cve/CVE-2024-8235 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3750 – Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
https://notcve.org/view.php?id=CVE-2023-3750
24 Jul 2023 — A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. It wad discovered that libvirt incorrectly handled locking when processing certain requests. A local attacker could possibly use this issue to cause libvirt to stop responding or crash, resul... • https://access.redhat.com/errata/RHSA-2023:6409 • CWE-667: Improper Locking •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2700 – libvirt: Memory leak in virPCIVirtualFunctionList cleanup
https://notcve.org/view.php?id=CVE-2023-2700
15 May 2023 — A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr ... • https://access.redhat.com/security/cve/CVE-2023-2700 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
03 May 2022 — A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberad... • https://access.redhat.com/security/cve/CVE-2021-3975 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4147 – Ubuntu Security Notice USN-5399-1
https://notcve.org/view.php?id=CVE-2021-4147
25 Mar 2022 — A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. Se ha encontrado un fallo en el controlador libvirt libxl. Un huésped malicioso podría reiniciarse continuamente y causar que libvirtd en el host cerrarse o bloquearse, resultando en una condición de denegación de servicio It was discovered that libvirt incorrectly handled certain locking operations. A local attacker... • https://bugzilla.redhat.com/show_bug.cgi?id=2034195 • CWE-667: Improper Locking •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0897 – libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
https://notcve.org/view.php?id=CVE-2022-0897
25 Mar 2022 — A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). Se ha encontrado un fallo en el con... • https://bugzilla.redhat.com/show_bug.cgi?id=2063883 • CWE-667: Improper Locking •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3631 – libvirt: Insecure sVirt label generation
https://notcve.org/view.php?id=CVE-2021-3631
01 Oct 2021 — A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. Se ha encontrado un fallo en libvirt mientras genera pares de categorías MCS de SELinux para las etiquetas dinámicas de las máquinas virtuales. Este defecto permite que un huésped explotado acceda a ar... • https://access.redhat.com/errata/RHSA-2021:3631 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3667 – libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
https://notcve.org/view.php?id=CVE-2021-3667
01 Oct 2021 — An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to s... • https://bugzilla.redhat.com/show_bug.cgi?id=1986094 • CWE-667: Improper Locking •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10701
https://notcve.org/view.php?id=CVE-2020-10701
27 May 2021 — A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero... • https://bugzilla.redhat.com/show_bug.cgi?id=1819163 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3559
https://notcve.org/view.php?id=CVE-2021-3559
24 May 2021 — A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. Se encontró un fallo en libvirt en la API virConnectListAllNodeDevices en versiones anterior... • https://bugzilla.redhat.com/show_bug.cgi?id=1962306 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •