Unknown
CVE-2021-3975
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-3975
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- canonical,
- debian,
- fedoraproject,
- netapp,
- redhat
Products
- codeready linux builder -,
- debian linux 10.0,
- debian linux 11.0,
- enterprise linux 8.0,
- enterprise linux eus 8.6,
- enterprise linux for ibm z systems 8.0,
- enterprise linux for ibm z systems eus 8.6,
- enterprise linux for power little endian 8.0,
- enterprise linux for power little endian eus 8.6,
- enterprise linux server for power little endian update services for sap solutions 8.6,
- enterprise linux server tus 8.6,
- fedora 35,
- libvirt,
- ontap select deploy administration utility -,
- ubuntu linux 21.10
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
