CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.5 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1986094	Issue Tracking Vendor Advisory
https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87	Patch Third Party Advisory
https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
https://security.gentoo.org/glsa/202210-06	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0005/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

Configuration 3 (hide)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

History

01 Apr 2024, 13:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html -

Information

Published : 2022-03-02 23:15

Updated : 2024-04-01 13:16

NVD link : CVE-2021-3667

Mitre link : CVE-2021-3667

CVE.ORG link : CVE-2021-3667

JSON object : View

Products Affected

netapp

ontap_select_deploy_administration_utility

redhat

enterprise_linux
libvirt

CWE

CWE-667

Improper Locking

{"id": "CVE-2021-3667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-03-02T23:15:08.843", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986094", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87", "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html", "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202210-06", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20220331-0005/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-667"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se ha encontrado un problema de bloqueo inapropiado en la API virStoragePoolLookupByTargetPath de libvirt. Ocurre en la funci\u00f3n storagePoolLookupByTargetPath, donde un objeto virStoragePoolObj bloqueado no es liberado apropiadamente al fallar el permiso ACL. Los clientes que son conectados al socket de lectura-escritura con permisos ACL limitados podr\u00edan usar este fallo para adquirir el bloqueo e impedir que otros usuarios accedan a las APIs de pools/vol\u00famenes de almacenamiento, resultando en una condici\u00f3n de denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "lastModified": "2024-04-01T13:16:45.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C22B8D1C-DDB7-45C4-AF7D-C308743A4C7A", "versionEndIncluding": "7.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}