libvirt UAF in qemuMonitorUnregister via virConnectGetAllDomainStats
CVE-2021-3975 Published on August 23, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2021-3975 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2021-3975

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3975 are published in these products:

Canonical Ubuntu Linux
 
Red Hat Libvirt
 
Fedora Project Fedora
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Power Little Endian
 
Red Hat Enterprise Linux Ibm Z Systems
 
Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions
 
Red Hat Enterprise Linux Ibm Z Systems Eus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux Power Little Endian Eus
 
Debian Linux
 
NetApp Ontap Select Deploy Administration Utility
 
Libvirt
 

Exploit Probability

EPSS
0.48%
Percentile
64.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.