CVE Vulnerabilities

CVE-2021-3975

Use After Free

Published: Aug 23, 2022 | Modified: Nov 21, 2024
CVSS 3.x (Source: NVD): 6.5 MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
RedHat/V3: 5.3 LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu: LOW

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name | Vendor | Start Version | End Version
Libvirt | Redhat | * | 7.1.0 (excluding)
Advanced Virtualization for RHEL 8.5.0 | RedHat | virt:av-8050020211025110038.c5368500 | *
Advanced Virtualization for RHEL 8.5.0 | RedHat | virt-devel:av-8050020211025110038.c5368500 | *
Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8060020220408104655.d63f516d | *
Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8060020220408104655.d63f516d | *
Libvirt | Ubuntu | bionic | *
Libvirt | Ubuntu | devel | *
Libvirt | Ubuntu | esm-infra/bionic | *
Libvirt | Ubuntu | esm-infra/focal | *
Libvirt | Ubuntu | focal | *
Libvirt | Ubuntu | hirsute | *
Libvirt | Ubuntu | jammy | *
Libvirt | Ubuntu | kinetic | *
Libvirt | Ubuntu | lunar | *
Libvirt | Ubuntu | mantic | *
Libvirt | Ubuntu | noble | *
Libvirt | Ubuntu | oracular | *
Libvirt | Ubuntu | plucky | *
Libvirt | Ubuntu | trusty | *
Libvirt | Ubuntu | trusty/esm | *
Libvirt | Ubuntu | upstream | *
Libvirt | Ubuntu | xenial | *
