CVE-2021-3667 log

Severity Low
Remote No
Type Denial of service
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt before version 7.6.0. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
Group Package Affected Fixed Severity Status Ticket
AVG-2230 libvirt 1:7.5.0-1 1:7.6.0-1 Low Fixed