Software: libvirt 6.0.0
OS: ROSA Virtualization 2.1
package_evr_string: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm

CVE-ID: CVE-2021-3631
BDU-ID: 2024-02428
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux MCS category pairs for dynamic virtual machine labels. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-3975
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: A use-after-free vulnerability has been discovered in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without adequate protection by monitor locking. This flaw can be caused by the virConnectGetAllDomainStats API when the guest is terminated. An unprivileged client with a read-only connection could exploit this vulnerability to perform a denial-of-service attack, causing the libvirt daemon to crash.
CVE-STATUS: Not Relevant…