SB20231107108 - Red Hat Enterprise Linux 9 update for libvirt
Published: November 7, 2023
Security Bulletin ID
SB20231107108
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2023-3750)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the virStoragePoolObjListSearch() function. which does not return a locked pool as expected. A remote attacker with ability to connect to the read-only socket can crash the libvirt daemon.
Remediation
Install update from vendor's website.