CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2700 – libvirt: Memory leak in virPCIVirtualFunctionList cleanup
https://notcve.org/view.php?id=CVE-2023-2700
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. • https://access.redhat.com/security/cve/CVE-2023-2700 https://bugzilla.redhat.com/show_bug.cgi?id=2203653 https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ https://security.netapp.com/advisory/ntap-20230706-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-3975 – libvirt: segmentation fault during VM shutdown can lead to vdsm hang
https://notcve.org/view.php?id=CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. Se ha encontrado un fallo de uso de memoria previamente liberada en libvirt. • https://access.redhat.com/security/cve/CVE-2021-3975 https://bugzilla.redhat.com/show_bug.cgi?id=2024326 https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20221201-0002 https://ubuntu.com/security/CVE-2021-3975 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4147
https://notcve.org/view.php?id=CVE-2021-4147
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. Se ha encontrado un fallo en el controlador libvirt libxl. Un huésped malicioso podría reiniciarse continuamente y causar que libvirtd en el host cerrarse o bloquearse, resultando en una condición de denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=2034195 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20220513-0004 • CWE-667: Improper Locking •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0897 – libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
https://notcve.org/view.php?id=CVE-2022-0897
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). Se ha encontrado un fallo en el controlador nwfilter de libvirt. • https://bugzilla.redhat.com/show_bug.cgi?id=2063883 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2022-0897 • CWE-667: Improper Locking •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3631 – libvirt: Insecure sVirt label generation
https://notcve.org/view.php?id=CVE-2021-3631
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. Se ha encontrado un fallo en libvirt mientras genera pares de categorías MCS de SELinux para las etiquetas dinámicas de las máquinas virtuales. Este defecto permite que un huésped explotado acceda a archivos etiquetados para otro huésped, resultando en una ruptura del confinamiento de sVirt. • https://access.redhat.com/errata/RHSA-2021:3631 https://bugzilla.redhat.com/show_bug.cgi?id=1977726 https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 https://gitlab.com/libvirt/libvirt/-/issues/153 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://security.netapp.com/advisory/ntap-20220331-0010 https://access.redhat.com/security/cve/CVE-2021-3631 • CWE-732: Incorrect Permission Assignment for Critical Resource •