Bug 2034195 (CVE-2021-4147)

Summary:	CVE-2021-4147 libvirt: deadlock and crash in libxl driver
Product:	[Other] Security Response	Reporter:	Mauro Matteo Cascella <mcascell>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED NOTABUG	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	agedosier, berrange, clalancette, crobinso, eblake, jdenemar, jforbes, jsuchane, knoel, laine, libvirt-maint, pkrempa, veillard, virt-maint, virt-maint
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	libvirt 2.33.0	Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-12-20 14:19:50 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2034252
Bug Blocks:	2034186, 2034658

Description Mauro Matteo Cascella 2021-12-20 11:37:31 UTC

A flaw was found in the libvirt libxl driver. A rouge guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. See https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html.

Comment 2 Mauro Matteo Cascella 2021-12-20 13:18:34 UTC

Upstream commits:
https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340

Comment 3 Mauro Matteo Cascella 2021-12-20 13:48:21 UTC

Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 2034252]