exploitDog

CVE-2021-3667

Published: 02 Mar 2022
Source: nvd
CVSS3: 6.5
CVSS2: 3.5
EPSS: Low

Description

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Vulnerable configurations

Configuration 1
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Versions from 4.1.0 (inclusive) to 7.5.0 (inclusive)
Configuration 2
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
Configuration 3
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Configuration 4
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Percentile: 48%
0.00245
Low

6.5 Medium

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-667

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 3 years ago

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

CVSS3: 6.5
redhat
almost 4 years ago

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

CVSS3: 6.5
msrc
more than 3 years ago

No description available

CVSS3: 6.5
debian
more than 3 years ago

An improper locking issue was found in the virStoragePoolLookupByTarge ...

suse-cvrf
more than 3 years ago

Security update for libvirt
