{"id":"CVE-2021-3559","details":"A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.","modified":"2026-03-14T11:01:19.096424Z","published":"2021-05-24T12:15:07.677Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210706-0006/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962306"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvirt/libvirt","events":[{"introduced":"e27603980ac8b12b5ea6eab93cede8a869ddf48d"},{"fixed":"501563469e67ea54be4ec1b3b84d4f0405e90ea4"}],"database_specific":{"versions":[{"introduced":"6.10.0"},{"fixed":"7.0.0"}]}}],"versions":["v6.10.0","v7.0.0-rc1","v7.0.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3559.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}