{
  "threat_severity" : "Low",
  "public_date" : "2021-11-29T00:00:00Z",
  "bugzilla" : {
    "description" : "libvirt: deadlock and crash in libxl driver",
    "id" : "2034195",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2034195"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-667",
  "details" : [ "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.", "A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition." ],
  "statement" : "The versions of `libvirt` as shipped with Red Hat Enterprise Linux do not support the libxl hypervisor driver for Xen. Therefore, Red Hat Enterprise Linux is not affected by this flaw.",
  "acknowledgement" : "Red Hat would like to thank Jim Fehlig (SUSE) for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "virt:rhel/libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:8.2/libvirt",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:av/libvirt",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-4147\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4147" ],
  "name" : "CVE-2021-4147",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}