CVE-2021-3667

02.03.2022, 23:15

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Vendor	Product	Version
redhat	libvirt	4.1.0 ≤ 𝑥 ≤ 7.5.0
redhat	enterprise_linux	8.0
netapp	ontap_select_deploy_administration_utility	-
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvirt

bullseye	7.0.0-3+deb11u3 fixed
stretch	not-affected
bookworm	9.0.0-4+deb12u1 fixed
sid	10.9.0-1 fixed
trixie	10.9.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libvirt

jammy	Fixed 7.6.0-0ubuntu3 released
impish	not-affected
hirsute	ignored
focal	Fixed 6.0.0-0ubuntu8.16 released
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1986094

https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87

https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html