Design/Logic Flaw

2022-08-2320:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

JSON

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

CPENameOperatorVersion
ubuntu_linuxeq21.10
debian_linuxeq10.0
debian_linuxeq11.0
fedoraeq35
enterprise_linuxeq8.0
enterprise_linux_euseq8.6
enterprise_linux_for_ibm_z_systemseq8.0
enterprise_linux_for_ibm_z_systems_euseq8.6
enterprise_linux_for_power_little_endianeq8.0
enterprise_linux_for_power_little_endian_euseq8.6

Name	Operator	Version
ubuntu_linux	eq	21.10
debian_linux	eq	10.0
debian_linux	eq	11.0
fedora	eq	35
enterprise_linux	eq	8.0
enterprise_linux_eus	eq	8.6
enterprise_linux_for_ibm_z_systems	eq	8.0
enterprise_linux_for_ibm_z_systems_eus	eq	8.6
enterprise_linux_for_power_little_endian	eq	8.0
enterprise_linux_for_power_little_endian_eus	eq	8.6