PT-2021-7380 · Libvirt+10

Mauro Matteo Cascella · Published 2021-07-28 · Updated 2025-02-10 · CVE-2021-3667

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libvirt (affected versions not specified)

Description: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function, where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
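
A simplified model of the locking pattern in the description, added here as an illustration and not taken from libvirt's source: a lookup returns an object with its lock held, and the ACL-failure path either forgets or remembers to release it. The names (`pool_obj`, `find_locked`, `lookup_flawed`, `lookup_fixed`), the sample path, and the try-lock used in place of a blocking mutex are assumptions.

```c
/* Simplified model of the flaw; not libvirt source code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef enum { LOOKUP_OK, LOOKUP_DENIED, LOOKUP_NOT_FOUND, LOOKUP_WOULD_BLOCK } lookup_rc;

/* Hypothetical stand-in for a virStoragePoolObj and its per-object lock. */
typedef struct { atomic_flag lock; const char *target_path; } pool_obj;

static pool_obj pool = { ATOMIC_FLAG_INIT, "/pools/demo" };  /* constructed sample */

/* Try-lock model: a real mutex would block the caller instead of returning false. */
static bool obj_trylock(pool_obj *o) { return !atomic_flag_test_and_set(&o->lock); }
static void obj_unlock(pool_obj *o)  { atomic_flag_clear(&o->lock); }

/* Returns the matching pool with its lock HELD; the caller must unlock it. */
static lookup_rc find_locked(const char *path, pool_obj **out) {
    if (!obj_trylock(&pool))
        return LOOKUP_WOULD_BLOCK;
    if (strcmp(pool.target_path, path) != 0) {
        obj_unlock(&pool);
        return LOOKUP_NOT_FOUND;
    }
    *out = &pool;
    return LOOKUP_OK;
}

/* Flawed pattern: the ACL-failure path returns without releasing the lock. */
lookup_rc lookup_flawed(const char *path, bool acl_allows) {
    pool_obj *obj = NULL;
    lookup_rc rc = find_locked(path, &obj);
    if (rc != LOOKUP_OK)
        return rc;
    if (!acl_allows)
        return LOOKUP_DENIED;          /* lock is still held here */
    obj_unlock(obj);
    return LOOKUP_OK;
}

/* Corrected pattern: every path after a successful find releases the lock. */
lookup_rc lookup_fixed(const char *path, bool acl_allows) {
    pool_obj *obj = NULL;
    lookup_rc rc = find_locked(path, &obj);
    if (rc != LOOKUP_OK)
        return rc;
    rc = acl_allows ? LOOKUP_OK : LOOKUP_DENIED;
    obj_unlock(obj);
    return rc;
}

/* Demo helper: clear a leaked lock so both variants can be compared in one run. */
void reset_pool_lock(void) { obj_unlock(&pool); }
```

In the flawed variant, one denied lookup is enough to make the next, fully authorized lookup report `LOOKUP_WOULD_BLOCK`, which in a daemon using a blocking mutex corresponds to other users stalling on storage pool/volume calls.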

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2021:4191
ALT-PU-2021-2714
ALT-PU-2021-3364
BDU:2022-05841
CESA-2021_4191
CVE-2021-3667
DLA-3778-1
MGASA-2021-0547
OESA-2021-1385
OPENSUSE-SU-2021:1451-1
OPENSUSE-SU-2021:2812-1
OPENSUSE-SU-2021_1451-1
OPENSUSE-SU-2021_2812-1
OPENSUSE-SU-2024:11008-1
RHSA-2021:3703
RHSA-2021:3704
RHSA-2021:4191
RHSA-2021_4191
RLSA-2021:4191
SUSE-SU-2021:2812-1
SUSE-SU-2021:3277-1
SUSE-SU-2021:3540-1
SUSE-SU-2021:3586-1
SUSE-SU-2021_3277-1
SUSE-SU-2021_3540-1
SUSE-SU-2021_3586-1
USN-5399-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Libvirt