Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
CVE-2023-3750

6.5MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Vendor
CVE Published:
24 July 2023

What is CVE-2023-3750?

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

Affected Version(s)

Red Hat Enterprise Linux 9 0:9.5.0-7.el9_3

References

https://access.redhat.com/errata/RHSA-2023:6409
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3750
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2222210
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.