Описание
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
A flaw was found in libvirt in the virConnectListAllNodeDevices API. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
Отчет
The versions of libvirt as shipped with Red Hat Enterprise Linux 6, 7, 8, and Red Hat Enterprise Linux Advanced Virtualization 8 are not affected by this issue, as they did not include the vulnerable code, which was introduced in a later version of the package (libvirt-v6.10.0).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 7 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libvirt | Not affected | ||
| Red Hat Enterprise Linux 9 | libvirt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
Уязвимость API virConnectListAllNodeDevices библиотеки управления виртуализацией Libvirt при использовании драйвера GRID, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3