Bugzilla – Bug 1188843
VUL-0: CVE-2021-3667: libvirt: improper locking on ACL failure in virStoragePoolLookupByTargetPath API
Last modified: 2024-06-07 07:53:44 UTC
rh#1986094 A flaw was found in the libvirt virStoragePoolLookupByTargetPath API. The storagePoolLookupByTargetPath() function does not properly release a locked object (virStoragePoolObj) on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. Upstream fix: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 References: https://bugzilla.redhat.com/show_bug.cgi?id=1986094 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3667
(In reply to Robert Frohl from comment #0) > rh#1986094 As noted in the RH bug, the issue goes back to libvirt 4.1.0 https://bugzilla.redhat.com/show_bug.cgi?id=1986094#c6 So in terms of distros: Factory, SLE15 SP1/2/3, and SLE12 SP5. Factory will be covered by the upcoming libvirt 7.6.0 release. I'll backport the patch for the others. Actually, do we care about SLE15 SP1?
Note to self: patches have been backported to SLE15 SP1/2/3 and 12 SP5. Everything is committed to the appropriate Devel:Virt:SLE* projects and ready for maintenancereq. MRs for the various distros were submitted not long ago, so maybe I'll wait for a bit to see if there are other bug fixes accrue before submitting again.
# maintenance_jira_update_notice openSUSE-SU-2021:2812-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1184253,1187871,1188232,1188843 CVE References: CVE-2021-3631,CVE-2021-3667 JIRA References: Sources used: openSUSE Leap 15.3 (src): libvirt-7.1.0-6.5.1
# maintenance_jira_update_notice SUSE-SU-2021:2812-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1184253,1187871,1188232,1188843 CVE References: CVE-2021-3631,CVE-2021-3667 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): libvirt-7.1.0-6.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): libvirt-7.1.0-6.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3277-1: An update that solves one vulnerability and has three fixes is now available. Category: security (moderate) Bug References: 1182783,1184772,1185081,1188843 CVE References: CVE-2021-3667 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libvirt-5.1.0-13.25.1 SUSE Linux Enterprise Server 12-SP5 (src): libvirt-5.1.0-13.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Updated libvirt packages now submitted for SLE15 SP1 and SP2 maintenance. Submissions for all affected distros have now been done. Passing the bug to security.
SUSE-SU-2021:3540-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (important) Bug References: 1182783,1184152,1184772,1185081,1188843,1190420 CVE References: CVE-2021-3667 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): libvirt-5.1.0-8.29.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): libvirt-5.1.0-8.29.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): libvirt-5.1.0-8.29.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): libvirt-5.1.0-8.29.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): libvirt-5.1.0-8.29.1 SUSE Enterprise Storage 6 (src): libvirt-5.1.0-8.29.1 SUSE CaaS Platform 4.0 (src): libvirt-5.1.0-8.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3586-1: An update that solves one vulnerability and has 6 fixes is now available. Category: security (moderate) Bug References: 1177902,1186398,1188232,1188843,1190420,1190693,1190695 CVE References: CVE-2021-3667 JIRA References: Sources used: SUSE MicroOS 5.0 (src): libvirt-6.0.0-13.21.1 SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): libvirt-6.0.0-13.21.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): libvirt-6.0.0-13.21.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1451-1: An update that solves one vulnerability and has 6 fixes is now available. Category: security (moderate) Bug References: 1177902,1186398,1188232,1188843,1190420,1190693,1190695 CVE References: CVE-2021-3667 JIRA References: Sources used: openSUSE Leap 15.2 (src): libvirt-6.0.0-lp152.9.15.1