The virsh nodedev-list command may cause libvirt to crash on hosts with GRID driver installed. The flaw exists in the virConnectListAllNodeDevices API. This issue could be used by an unprivileged user with a read-only connection to perform a denial of service attack by leveraging the virConnectListAllNodeDevices API via nodedev-list. Fixed upstream in libvirt-v7.0.0: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a
More precisely, the bug is due to incorrect operator precedence when dereferencing an array pointer in virNodeDeviceGetMdevTypesCaps() in src/conf/node_device_conf.c. It can be triggered by an unprivileged client executing the nodedev-list command on a host that has a PCI device and driver that supports mediated devices. This flaw was introduced in libvirt version 6.10.0 via commit: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3559
*** Bug 1962605 has been marked as a duplicate of this bug. ***