CVE-2021-3667
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
Affected (4)
Products: Redhat: Libvirt, Enterprise Linux · Netapp: Ontap Select Deploy Administration Utility · Debian: Debian Linux
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
References (12)
Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.