4 matches found
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
...
DEBIAN-CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
CLSA-2022-1646071990 Fix of CVE: CVE-2021-3667, CVE-2021-3631
CVE-2021-3631: security: fix SELinux label generation logic - CVE-2021-3667: storagedriver: Unlock object on ACL fail in storagePoolLookupByTargetPath...
OPENSUSE-SU-2021:2812-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2021-3631: fix SELinux label generation logic bsc1187871 - CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath bsc1188843 Non-security issues fixed: - virtlockd: Don't report error if lockspace...