CVE-2023-3750: Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service

Description

A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.

Classification

CVE ID: CVE-2023-3750

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 9

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 33.16% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2023:6409
https://access.redhat.com/security/cve/CVE-2023-3750
https://bugzilla.redhat.com/show_bug.cgi?id=2222210

Timeline

2024-12-04 00:11:17 UTC
CVE

Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service