Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-3667

Published: 02/03/2022 Updated: 01/04/2024
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P
Subscribe to Libvirt

Vulnerability Summary

It exists that libvirt incorrectly handled the libxl driver. An attacker inside a guest could possibly use this issue to cause libvirtd to crash or stop responding, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2021-4147)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat libvirt

redhat enterprise linux 8.0

netapp ontap select deploy administration utility -

Vendor Advisories

Debian CVElist Bug Report Logs: libvirt: CVE-2021-3667
Debian Bug report logs - #991594 libvirt: CVE-2021-3667 Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 28 Jul 2021 09:15:04 UTC Severity: important Tags: security, upstream F ...
Ubuntu Security Notice: USN-5399-1: libvirt vulnerabilities
Several security issues were fixed in libvirt ...
Red Hat: CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lo ...
Arch Linux Issues:
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lo ...

References

CWE-667https://bugzilla.redhat.com/show_bug.cgi?id=1986094https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87https://security.netapp.com/advisory/ntap-20220331-0005/https://security.gentoo.org/glsa/202210-06https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87https://lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991594https://ubuntu.com/security/notices/USN-5399-1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook