CVE-2021-3667 - log

CVE-2021-3667 edited at 02 Aug 2021 14:47:21
Description
- An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
+ An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt before version 7.6.0. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
CVE-2021-3667 edited at 28 Jul 2021 08:45:06
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1986094
+ https://bugzilla.redhat.com/show_bug.cgi?id=1984318
+ https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87
Notes
CVE-2021-3667 created at 28 Jul 2021 08:43:01