CVE-2021-4147

Name: CVE-2021-4147
Description: A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 1002535

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libvirt (PTS) | stretch | 3.0.0-4+deb9u4 | vulnerable |
| | stretch (security) | 3.0.0-4+deb9u5 | vulnerable |
| | buster | 5.0.0-4+deb10u1 | vulnerable |
| | bullseye | 7.0.0-3 | vulnerable |
| | bookworm, sid | 8.4.0-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libvirt | source | (unstable) | 7.10.0-2 | | | 1002535 |

Notes

[bullseye] - libvirt <no-dsa> (Minor issue)
[buster] - libvirt <no-dsa> (Minor issue)
[stretch] - libvirt <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=2034195
https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
