CVE-2021-3559

Published: May 24, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.

Affected (2)

Products: Redhat: Libvirt · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Libvirt	From 6.10.0 to 7.0.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=1962306

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20210706-0006/

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1962306

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20210706-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.