Vulnerability Details : CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2021-3975
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
- Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3975
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3975
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2021-3975
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2021-3975
-
https://bugzilla.redhat.com/show_bug.cgi?id=2024326
2024326 – (CVE-2021-3975) CVE-2021-3975 libvirt: segmentation fault during VM shutdown can lead to vdsm hangIssue Tracking;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20221201-0002/
CVE-2021-3975 Libvirt Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://ubuntu.com/security/CVE-2021-3975
CVE-2021-3975 | UbuntuPatch;Third Party Advisory
-
https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7
qemu: Add missing lock in qemuProcessHandleMonitorEOF · libvirt/libvirt@1ac703a · GitHubPatch;Third Party Advisory
-
https://access.redhat.com/security/cve/CVE-2021-3975
CVE-2021-3975- Red Hat Customer PortalIssue Tracking;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
[SECURITY] [DLA 3778-1] libvirt security update
Jump to