Описание
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
Отчет
The versions of libvirt as shipped with Red Hat Enterprise Linux 6, 7, and 8 are not affected by this flaw, as they did not include the unlocking refactor that introduced the bug (upstream commit 0c4b391e2a9).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 7 | libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 | virt:rhel/libvirt | Not affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libvirt | Not affected | ||
| Red Hat Enterprise Linux 9 | libvirt | Fixed | RHSA-2023:6409 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.
A flaw was found in libvirt. The virStoragePoolObjListSearch function ...
6.5 Medium
CVSS3