How severe is CVE-2021-3667?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-3667?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2021-3667

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-667

View all →

Vulnerability Description

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

CVE-2021-20291

MEDIUM

CVSS:6.5(Medium)

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not ...

CWE-6672021

CVE-2021-31785

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to tr...

CWE-6672021

CVE-2021-31786

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, al...

CWE-6672021

CVE-2021-4147

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

CWE-6672021

CVE-2024-45818

MEDIUM

CVSS:6.5(Medium)

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired p...

CWE-6672024

CVE-2022-20371

MEDIUM

CVSS:6.4(Medium)

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. U...

CWE-6672022

CVE-2021-3667

Vulnerability Description

Related Vulnerabilities

CVE-2021-20291

CVE-2021-31785

CVE-2021-31786

CVE-2021-4147

CVE-2024-45818

CVE-2022-20371