Headline
CVE-2021-4147: deadlock and crash in libxl driver
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Bug 2034195 (CVE-2021-4147) - CVE-2021-4147 libvirt: deadlock and crash in libxl driver
Summary: CVE-2021-4147 libvirt: deadlock and crash in libxl driver
Keywords:
Status:
CLOSED NOTABUG
Alias:
CVE-2021-4147
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
low
Severity:
low
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
2034252
Blocks:
2034186 2034658
Reported:
2021-12-20 11:37 UTC by Mauro Matteo Cascella
Modified:
2022-03-25 10:30 UTC
CC List:
15 users
Fixed In Version:
libvirt 2.33.0
Doc Type:
If docs needed, set a value
Doc Text:
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Clone Of:
Environment:
Last Closed:
2021-12-20 14:19:50 UTC
Description Mauro Matteo Cascella 2021-12-20 11:37:31 UTC
A flaw was found in the libvirt libxl driver. A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. See https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html.
Comment 2 Mauro Matteo Cascella 2021-12-20 13:18:34 UTC
Upstream commits:
https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
Comment 3 Mauro Matteo Cascella 2021-12-20 13:48:21 UTC
Created libvirt tracking bugs for this issue:
Affects: fedora-all [bug 2034252]