PT-2023-8982 · Libvirt+6

Mauro Matteo Cascella · Published 2023-07-18 · Updated 2024-09-13 · CVE-2023-3750

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libvirt (affected versions not specified)

Description: A flaw was found in the virStoragePoolObjListSearch function of libvirt, which does not return a locked pool as expected. This results in a race condition and denial of service when attempting to lock the same object from another thread. The issue could allow clients connecting to the read-only socket to crash the libvirt daemon. The flaw is caused by synchronization errors when using a shared resource, and its exploitation could allow a remote attacker to cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2023:6409
ALT-PU-2023-5242
ALT-PU-2023-5491
ALT-PU-2023-6626
BDU:2024-02835
CVE-2023-3750
OPENSUSE-SU-2023_3043-1
OPENSUSE-SU-2024:13061-1
RHSA-2023:6409
RHSA-2023_6409
SUSE-SU-2023:3043-1
SUSE-SU-2023_3043-1
USN-6253-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Red Hat
Suse
Ubuntu
Libvirt