CVE-2023-3750

Summary

CVE	CVE-2023-3750
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-07-24 16:15:00 UTC
Updated	2023-11-07 14:15:00 UTC
Description	A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

Risk And Classification

Problem Types: CWE-667

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Redhat	Enterprise Linux	9.0	All	All	All
Application	Redhat	Libvirt	-	All	All	All

References

Reference	Source	Link	Tags
cve-details	MISC	access.redhat.com
2222210 – (CVE-2023-3750) CVE-2023-3750 libvirt: improper locking in virStoragePoolObjListSearch may lead to denial of service	MISC	bugzilla.redhat.com
Red Hat		access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160960 Oracle Enterprise Linux Security Update for kvm_utils3 (ELSA-2023-12855)
161104 Oracle Enterprise Linux Security Update for libvirt (ELSA-2023-6409)
199616 Ubuntu Security Notification for libvirt Vulnerability (USN-6253-1)
242297 Red Hat Update for libvirt security (RHSA-2023:6409)
284910 Fedora Security Update for libvirt (FEDORA-2024-2d35e47af3)
941401 AlmaLinux Security Update for libvirt (ALSA-2023:6409)