PT-2021-3481 · Huawei · Smc2.0+1

Published: 2021-04-28 · Updated: 2021-07-07 · CVE-2021-22340

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

ManageOne versions 6.5.1.SPC200, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100

SMC2.0 versions V600R019C10SPC700, V600R019C10SPC702, V600R019C10SPC703, V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931

Description

The issue is caused by a race condition between multiple threads, which can be exploited by an attacker with root permission. The vulnerability exists due to synchronization errors when using a shared resource, which allow concurrent I/O reads by multiple threads. Successful exploitation may cause the system to crash.

Recommendations

For ManageOne versions 6.5.1.SPC200, 8.0.0, 8.0.0-LCND81, 8.0.0.SPC100, 8.0.1, 8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100, consider restricting access to shared resources to minimize the risk of exploitation.

For SMC2.0 versions V600R019C10SPC700, V600R019C10SPC702, V600R019C10SPC703, V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931, restrict concurrent I/O read operations to prevent system crashes.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2021-03511
CVE-2021-22340

Affected Products

Manageone
Smc2.0