Libvirt · Libvirt · CVE-2013-6458
**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 1.2.1
**Description**
libvirt contains multiple race conditions in the functions `virDomainBlockStats`, `virDomainGetBlockInfo`, `qemuDomainBlockJobImpl`, and `virDomainGetBlockIoTune`. These functions do not properly verify that the disk is attached, so a remote read-only attacker can cause a denial of service (a crash of the `libvirtd` service) by using the `virDomainDetachDeviceFlags` command.
**Recommendations**
For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `virDomainDetachDeviceFlags` command to minimize the risk of exploitation. Additionally, ensure that disk attachment is properly verified before any operation that could trigger the race conditions in the affected functions.
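The following C model is an added example, not libvirt code. It shows the kind of check the last recommendation describes: a disk lookup done before a wait goes stale if a detach runs during that wait, while a lookup repeated after the wait fails cleanly. All names (`stats_racy`, `stats_checked`, `wait_hook`, the disk names and counters) are hypothetical, and the concurrent detach is simulated with a callback rather than real threads.

```c
/* Simplified model of the race class, NOT libvirt code; all names hypothetical. */
#include <stdio.h>
#include <string.h>

struct disk { char name[8]; long rd_bytes; };
struct domain { struct disk *disks[4]; size_t ndisks; };
typedef void (*wait_hook)(struct domain *); /* what another client does while we wait */

static int find_disk(const struct domain *d, const char *name) {
    for (size_t i = 0; i < d->ndisks; i++)
        if (strcmp(d->disks[i]->name, name) == 0) return (int)i;
    return -1;
}
/* Detach: drop the entry and compact the array. */
int detach_disk(struct domain *d, const char *name) {
    int i = find_disk(d, name);
    if (i < 0) return -1;
    memmove(&d->disks[i], &d->disks[i + 1], (d->ndisks - i - 1) * sizeof d->disks[0]);
    d->disks[--d->ndisks] = NULL;
    return 0;
}
/* Racy: index resolved BEFORE the wait and trusted AFTER it. */
int stats_racy(struct domain *d, const char *name, wait_hook w, long *out) {
    int i = find_disk(d, name);
    if (i < 0) return -1;
    w(d);                          /* lock released here; a detach can run */
    *out = d->disks[i]->rd_bytes;  /* stale slot: wrong disk, or NULL for the last one */
    return 0;
}
/* Checked: attachment is verified after the wait, at the point of use. */
int stats_checked(struct domain *d, const char *name, wait_hook w, long *out) {
    w(d);
    int i = find_disk(d, name);
    if (i < 0) return -1;          /* disk is gone: report an error instead of crashing */
    *out = d->disks[i]->rd_bytes;
    return 0;
}
/* Constructed interleaving: "vda" is detached during the wait. */
void detach_vda(struct domain *d) { detach_disk(d, "vda"); }
/* Runs one variant on a fresh two-disk domain; returns rc, stores the value read. */
int run_case(int checked, long *out) {
    struct disk a = {"vda", 100}, b = {"vdb", 200};
    struct domain d = {{&a, &b}, 2};
    return (checked ? stats_checked : stats_racy)(&d, "vda", detach_vda, out);
}
int main(void) {
    long r = -1, c = -1;
    int rr = run_case(0, &r), rc = run_case(1, &c);
    printf("racy rc=%d value=%ld; checked rc=%d value=%ld\n", rr, r, rc, c);
    return 0;
}
```

In this constructed interleaving the racy variant reports success but returns the counter of a different disk, and the same stale index would be a NULL dereference had the requested disk been the last entry.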