CVE-2021-3975

MEDIUM

libvirt < 7.1.0 - Use-After-Free in qemuMonitorUnregister

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3975. PoCs published by yan5ui.

AI-analyzed exploit summary This repository contains source code and scripts related to CVE-2021-3975, focusing on ACL (Access Control List) checks and validation in libvirt. The provided scripts and code snippets are part of the libvirt project and are used for validating ACL implementations and ensuring proper security checks are in place.

Description

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Exploits (1)

nomisec WRITEUP
by yan5ui · poc
https://github.com/yan5ui/ENV-CVE-2021-3975

This repository contains source code and scripts related to CVE-2021-3975, focusing on ACL (Access Control List) checks and validation in libvirt. The provided scripts and code snippets are part of the libvirt project and are used for validating ACL implementations and ensuring proper security checks are in place.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: libvirt
No auth needed
Prerequisites: Access to libvirt source code · Understanding of ACL mechanisms in libvirt
mistral-large-3 · analyzed Jun 18, 2026 Full analysis →

Scores

CVSS v3 6.5
EPSS 0.0122
EPSS Percentile 65.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-416
Status published
Products (15)
canonical/ubuntu_linux 21.10
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 35
netapp/ontap_select_deploy_administration_utility
redhat/codeready_linux_builder
redhat/enterprise_linux 8.0
redhat/enterprise_linux_eus 8.6
redhat/enterprise_linux_for_ibm_z_systems 8.0
redhat/enterprise_linux_for_ibm_z_systems_eus 8.6
... and 5 more
Published Aug 23, 2022
Tracked Since Feb 18, 2026