CVE-2023-3750

Summary

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 90:9.5.0-7.el9_3 < *unaffected

Weaknesses

  • CWE-667: Improper Locking

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References