From changelog (URL): libxl: Fix potential deadlock and crash (CVE-2021-4147) A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
It's actually only libvirt-8.0.0 that's affected, because the commit that introduced the regression was merged in the 8.0.0 development cycle. The fix was merged in the very next release. Commit that introduced the regression: https://gitlab.com/libvirt/libvirt/-/commit/cc2a3c2a94 Commit that fixed it: https://gitlab.com/libvirt/libvirt/-/commit/454b927d1e33a1fe9dca535db2c97300fdae62cc
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96cb0babf037056c1e09ab5decbb4f60a448bc21 commit 96cb0babf037056c1e09ab5decbb4f60a448bc21 Author: Michal Privoznik <mprivozn@redhat.com> AuthorDate: 2022-03-08 09:11:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-03-08 13:17:52 +0000 app-emulation/libvirt: Fix libvirtd crash on domain restore In the libvirt-8.0.0 development cycle a commit was merged that can potentially cause crash of libvirtd. This was fixed in the next release. Backport the commit that fixes the problem. Closes: https://bugs.gentoo.org/831447 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Closes: https://github.com/gentoo/gentoo/pull/24448 Signed-off-by: Sam James <sam@gentoo.org> ...ibxl-Fix-libvirtd-crash-on-domain-restore.patch | 37 ++++++++++++++++++++++ ...irt-8.0.0-r1.ebuild => libvirt-8.0.0-r2.ebuild} | 1 + 2 files changed, 38 insertions(+)
Thanks!
