libvirt: fix CVE-2021-3667 - linux/meta-virtualization.git - Mirror of git.yoctoproject.org/meta-virtualization

diff options

author	Xu, Yanfei <yanfei.xu@windriver.com>	2021-11-24 10:51:33 +0800
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2021-11-24 16:59:58 -0500
commit	be2c9d6efe545ec6718902be9c56a698662ff055 (patch)
tree	b28d9d1dde049fbbebfe311b4bf88441b04889f1 /recipes-extended/xvisor/files/0001-build-use-usr-bin-env-for-python-scripts.patch
parent	3d8ac6655c6e1b298969a10a2679f20cab1013e9 (diff)
download	meta-virtualization-be2c9d6efe545ec6718902be9c56a698662ff055.tar.gz

libvirt: fix CVE-2021-3667

Backport a fix for CVE-2021-3667. The CVE discription: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Diffstat (limited to 'recipes-extended/xvisor/files/0001-build-use-usr-bin-env-for-python-scripts.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: