CVE-2023-3750 – Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
https://notcve.org/view.php?id=CVE-2023-3750
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. • https://access.redhat.com/errata/RHSA-2023:6409 https://access.redhat.com/security/cve/CVE-2023-3750 https://bugzilla.redhat.com/show_bug.cgi?id=2222210 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ • CWE-667: Improper Locking •
CVE-2023-2700 – libvirt: Memory leak in virPCIVirtualFunctionList cleanup
https://notcve.org/view.php?id=CVE-2023-2700
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. • https://access.redhat.com/security/cve/CVE-2023-2700 https://bugzilla.redhat.com/show_bug.cgi?id=2203653 https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ https://security.netapp.com/advisory/ntap-20230706-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberada en libvirt. • https://access.redhat.com/security/cve/CVE-2021-3975 https://bugzilla.redhat.com/show_bug.cgi?id=2024326 https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20221201-0002 https://ubuntu.com/security/CVE-2021-3975 • CWE-416: Use After Free •
CVE-2021-4147
https://notcve.org/view.php?id=CVE-2021-4147
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. Se ha encontrado un fallo en el controlador libvirt libxl. Un huésped malicioso podría reiniciarse continuamente y causar que libvirtd en el host cerrarse o bloquearse, resultando en una condición de denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=2034195 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20220513-0004 • CWE-667: Improper Locking •
CVE-2022-0897 – libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
https://notcve.org/view.php?id=CVE-2022-0897
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). Se ha encontrado un fallo en el controlador nwfilter de libvirt. • https://bugzilla.redhat.com/show_bug.cgi?id=2063883 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2022-0897 • CWE-667: Improper Locking •