CVE-2021-25316

CWE-3773 documents3 sources

Severity

3.3LOW

EPSS

0.0%

top 87.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Linux Enterprise Server 12-sp5 Suse Suse Linux Enterprise Server 15-sp2 Suse S390-tools

Timeline

PublishedApr 14

Latest updateMay 24

Description

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5suse/suse_linux_enterprise_server_12-sp5s390-tools — 2.1.0-18.29.1

▶CVEListV5suse/suse_linux_enterprise_server_15-sp2s390-tools — 2.11.0-9.20.1

▶NVDsuse/s390-tools< 2.1.0-18.29.1+1

🔴Vulnerability Details

GHSA

GHSA-xww5-ggv5-g549: A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attacke↗2022-05-24

▶

CVEList

Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools↗2021-04-14

▶