CVE-2021-3667 — Improper Locking in Redhat Libvirt
Severity
6.5MEDIUMNVD
OSV6.7
EPSS
0.4%
top 36.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 2
Latest updateMay 2
Description
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerabi…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 10.0, Enterprise Linux 8.0
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-q27q-h2jw-qq6c: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt↗2022-03-04
OSV▶
CVE-2021-3667: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt↗2022-03-02
CVEList▶
CVE-2021-3667: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt↗2022-03-02
📋Vendor Advisories
4Microsoft▶
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not prope↗2022-03-08
Debian▶
CVE-2021-3667: libvirt - An improper locking issue was found in the virStoragePoolLookupByTargetPath API ...↗2021