CVE-2021-3667 vulnerability in Red Hat and Other Products
Published on March 2, 2022
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
Weakness Type
Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Products Associated with CVE-2021-3667
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3667 are published in these products:
Exploit Probability
EPSS
0.44%
Percentile
62.58%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.