CVE-2021-36305Improper Synchronization in Dell Powerscale Onefs

CWE-662Improper SynchronizationCWE-863Incorrect Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 53.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell Powerscale OnefsDell EMC Powerscale Onefs
Timeline
PublishedNov 12
Latest updateMay 24

Description

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/powerscale_onefs8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, 9.1.1.x, 8.2.2, 9.1.0.x , 9.2.1.x
NVDdell/emc_powerscale_onefs8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-wr2x-hp98-m8g3: Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling2022-05-24
CVEList
CVE-2021-36305: Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling2021-11-12
CVE-2021-36305 — Improper Synchronization in Dell | cvebase