rpm package
opensuse/libvirt&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.3
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0897 | — | < 7.1.0-150300.6.29.1 | 7.1.0-150300.6.29.1 | Mar 25, 2022 | A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt | ||
| CVE-2021-4147 | — | < 7.1.0-6.11.1 | 7.1.0-6.11.1 | Mar 25, 2022 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | ||
| CVE-2021-3667 | — | < 7.1.0-6.5.1 | 7.1.0-6.5.1 | Mar 2, 2022 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc | ||
| CVE-2021-3631 | — | < 7.1.0-6.5.1 | 7.1.0-6.5.1 | Mar 2, 2022 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to | ||
| CVE-2021-4190 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4185 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4184 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4183 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | ||
| CVE-2021-4182 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||
| CVE-2021-4181 | — | < 7.1.0-150300.6.23.1 | 7.1.0-150300.6.23.1 | Dec 30, 2021 | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
- CVE-2022-0897Mar 25, 2022affected < 7.1.0-150300.6.29.1fixed 7.1.0-150300.6.29.1
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilt
- CVE-2021-4147Mar 25, 2022affected < 7.1.0-6.11.1fixed 7.1.0-6.11.1
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
- CVE-2021-3667Mar 2, 2022affected < 7.1.0-6.5.1fixed 7.1.0-6.5.1
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
- CVE-2021-3631Mar 2, 2022affected < 7.1.0-6.5.1fixed 7.1.0-6.5.1
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
- CVE-2021-4190Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
- CVE-2021-4185Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4184Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4183Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
- CVE-2021-4182Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
- CVE-2021-4181Dec 30, 2021affected < 7.1.0-150300.6.23.1fixed 7.1.0-150300.6.23.1
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file