CVE-2021-3975 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-3975

CVE-2021-3975

August 23, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Related Resources (8)

https://security-tracker.debian.org/tracker/CVE-2021-3975

https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3975

https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7

https://security.netapp.com/advisory/ntap-20221201-0002/

https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html

https://access.redhat.com/security/cve/CVE-2021-3975

https://ubuntu.com/security/CVE-2021-3975

https://bugzilla.redhat.com/show_bug.cgi?id=2024326

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Use After Free

CWE-416

EPSS

Base Score:

0.48

Products

Solutions

Resources

Company

Compare

Developer Tools