2024326 – (CVE-2021-3975) CVE-2021-3975 libvirt: segmentation fault during VM shutdown can lead to vdsm hang

Bug 2024326 (CVE-2021-3975) - CVE-2021-3975 libvirt: segmentation fault during VM shutdown can lead to vdsm hang

Summary: CVE-2021-3975 libvirt: segmentation fault during VM shutdown can lead to vdsm...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3975
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2021617 2024334 2025044 2026403
Blocks:	2022767
TreeView+	depends on / blocked

Reported:	2021-11-17 20:17 UTC by gkamathe
Modified:	2022-05-10 17:45 UTC (History)
CC List:	16 users (show)
Fixed In Version:	libvirt 7.1.0
Doc Type:	If docs needed, set a value
Doc Text:	A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Clone Of:
Environment:
Last Closed:	2022-05-10 17:45:34 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:1759	0	None	None	None	2022-05-10 13:17:52 UTC

Description gkamathe 2021-11-17 20:17:25 UTC

A use-after-free flaw was found in qemuProcessHandleMonitorEOF() within src/qemu/qemu_process.c, here qemuMonitorUnregister() is called using multiple threads without being adequately protected by a monitor lock. This issue could be used by a unprivileged user to perform a denial of service attack by causing segmentation fault on libvirt


Fixed upstream in libvirt:
https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7

Comment 1 gkamathe 2021-11-17 20:35:12 UTC

Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 2024334]

Comment 6 errata-xmlrpc 2022-05-10 13:17:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1759 https://access.redhat.com/errata/RHSA-2022:1759

Comment 7 Product Security DevOps Team 2022-05-10 17:45:31 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3975

Note You need to log in before you can comment on or make changes to this bug.