CVE-2021-3975: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-3975) was discovered in libvirt, affecting versions prior to 7.1.0. The flaw exists in the qemuProcessHandleMonitorEOF() function where the qemuMonitorUnregister() function is called using multiple threads without adequate monitor lock protection. This vulnerability was discovered in November 2021 and affects various Linux distributions including Red Hat Enterprise Linux, Ubuntu, and Debian (Ubuntu Security, Debian LTS).

The vulnerability stems from a thread synchronization issue in the libvirt's qemu process handling code. Specifically, in qemuProcessHandleMonitorEOF(), the qemuMonitorUnregister() function can be called by multiple threads simultaneously without proper lock protection, potentially leading to a use-after-free condition. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with low attack complexity (NVD).

The vulnerability can be triggered by the virConnectGetAllDomainStats API when a guest is shutting down. When successfully exploited, it allows an unprivileged client with a read-only connection to perform a denial of service attack by causing the libvirt daemon to crash (Debian LTS).

The vulnerability has been fixed in libvirt version 7.1.0 and later. The fix involves adding proper monitor locking in the qemuProcessHandleMonitorEOF function. The patch has been backported to various Linux distributions through their security updates. Organizations should update their libvirt installations to the patched versions available through their distribution's package management system (GitHub Commit).