On Thu, Jul 22, 2021 at 11:14 AM Mauro Matteo Cascella
wrote:
>
> Hi Peter,
>
> I'm going to allocate a new (low impact) CVE for this bug.
This issue was assigned CVE-2021-3667.
> Thanks.
--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0
On 7/21/21 11:27 AM, Peter Krempa wrote:
> 'virStoragePoolObjListSearch' returns a locked and refed object, thus we
> must release it on ACL permission failure.
>
> Fixes: 7aa0e8c0cb8
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
> Signed-off-by: Peter Krempa
> ---
>
Hi Peter,
I'm going to allocate a new (low impact) CVE for this bug.
Thanks.
On Wed, Jul 21, 2021 at 11:34 AM Peter Krempa wrote:
>
> Adding libvirt-security since I forgot when sending the patch.
>
> On Wed, Jul 21, 2021 at 11:27:41 +0200, Peter Krempa wrote:
> > 'virStoragePoolObjListSearch'
Adding libvirt-security since I forgot when sending the patch.
On Wed, Jul 21, 2021 at 11:27:41 +0200, Peter Krempa wrote:
> 'virStoragePoolObjListSearch' returns a locked and refed object, thus we
> must release it on ACL permission failure.
>
> Fixes: 7aa0e8c0cb8
> Resolves:
'virStoragePoolObjListSearch' returns a locked and refed object, thus we
must release it on ACL permission failure.
Fixes: 7aa0e8c0cb8
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
Signed-off-by: Peter Krempa
---
Technically a security issue since it DoS-es the objects a user