CVE-2021-3559

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 7.0.0

Description The issue is related to a buffer overflow in the libvirt library's virConnectListAllNodeDevices API when using the GRID driver. This could allow a remote attacker to cause a denial of service by executing the 'nodedev-list' virsh command. The threat primarily affects system availability, particularly on hosts with a PCI device and a driver that supports mediated devices, such as the GRID driver.

Recommendations For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the virConnectListAllNodeDevices API or the 'nodedev-list' virsh command to minimize the risk of exploitation.