Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-3559

Опубликовано: 24 мая 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4
CVSS3: 6.5

Описание

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.

РелизСтатусПримечание
bionic

not-affected

4.0.0-1ubuntu8.19
devel

not-affected

7.0.0-2ubuntu2
esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

4.0.0-1ubuntu8.19
esm-infra/focal

not-affected

6.0.0-0ubuntu8.9
esm-infra/xenial

not-affected

focal

not-affected

6.0.0-0ubuntu8.9
groovy

not-affected

6.6.0-1ubuntu3.5
hirsute

not-affected

7.0.0-2ubuntu2
impish

not-affected

7.0.0-2ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 58%
0.00368
Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-3559

CVSS3: 6.5
redhat
около 5 лет назад

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-3559

CVSS3: 6.5
nvd
больше 4 лет назад

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-3559

CVSS3: 6.5
debian
больше 4 лет назад

A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...

github логотип

GHSA-4236-36gg-25m7

CVSS3: 6.5
github
больше 3 лет назад

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-04612

CVSS3: 6.5
fstec
около 5 лет назад

Уязвимость API virConnectListAllNodeDevices библиотеки управления виртуализацией Libvirt при использовании драйвера GRID, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 58%
0.00368
Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3