Bug 1188843 - (CVE-2021-3667) VUL-0: CVE-2021-3667: libvirt: improper locking on ACL failure in virStoragePoolLookupByTargetPath API
(CVE-2021-3667)
VUL-0: CVE-2021-3667: libvirt: improper locking on ACL failure in virStorageP...
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/305236/
CVSSv3.1:SUSE:CVE-2021-3667:6.5:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-07-28 08:13 UTC by Robert Frohl
Modified: 2021-11-05 17:22 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2021-07-28 08:13:14 UTC
rh#1986094

A flaw was found in the libvirt virStoragePoolLookupByTargetPath API. The storagePoolLookupByTargetPath() function does not properly release a locked object (virStoragePoolObj) on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition.

Upstream fix:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1986094
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3667
Comment 1 James Fehlig 2021-07-29 19:38:09 UTC
(In reply to Robert Frohl from comment #0)
> rh#1986094

As noted in the RH bug, the issue goes back to libvirt 4.1.0

https://bugzilla.redhat.com/show_bug.cgi?id=1986094#c6

So in terms of distros: Factory, SLE15 SP1/2/3, and SLE12 SP5. Factory will be covered by the upcoming libvirt 7.6.0 release. I'll backport the patch for the others. Actually, do we care about SLE15 SP1?
Comment 2 James Fehlig 2021-07-29 20:46:48 UTC
Note to self: patches have been backported to SLE15 SP1/2/3 and 12 SP5. Everything is committed to the appropriate Devel:Virt:SLE* projects and ready for maintenancereq. MRs for the various distros were submitted not long ago, so maybe I'll wait for a bit to see if there are other bug fixes accrue before submitting again.
Comment 6 Swamp Workflow Management 2021-08-23 13:22:01 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2812-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1184253,1187871,1188232,1188843
CVE References: CVE-2021-3631,CVE-2021-3667
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    libvirt-7.1.0-6.5.1
Comment 7 Swamp Workflow Management 2021-08-23 13:27:18 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2812-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1184253,1187871,1188232,1188843
CVE References: CVE-2021-3631,CVE-2021-3667
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    libvirt-7.1.0-6.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libvirt-7.1.0-6.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-10-04 10:17:09 UTC
SUSE-SU-2021:3277-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 1182783,1184772,1185081,1188843
CVE References: CVE-2021-3667
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libvirt-5.1.0-13.25.1
SUSE Linux Enterprise Server 12-SP5 (src):    libvirt-5.1.0-13.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 James Fehlig 2021-10-05 17:36:19 UTC
Updated libvirt packages now submitted for SLE15 SP1 and SP2 maintenance. Submissions for all affected distros have now been done. Passing the bug to security.
Comment 13 Swamp Workflow Management 2021-10-27 13:49:04 UTC
SUSE-SU-2021:3540-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (important)
Bug References: 1182783,1184152,1184772,1185081,1188843,1190420
CVE References: CVE-2021-3667
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libvirt-5.1.0-8.29.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libvirt-5.1.0-8.29.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libvirt-5.1.0-8.29.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libvirt-5.1.0-8.29.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libvirt-5.1.0-8.29.1
SUSE Enterprise Storage 6 (src):    libvirt-5.1.0-8.29.1
SUSE CaaS Platform 4.0 (src):    libvirt-5.1.0-8.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-10-29 19:30:21 UTC
SUSE-SU-2021:3586-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1177902,1186398,1188232,1188843,1190420,1190693,1190695
CVE References: CVE-2021-3667
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    libvirt-6.0.0-13.21.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    libvirt-6.0.0-13.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    libvirt-6.0.0-13.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-11-05 17:22:10 UTC
openSUSE-SU-2021:1451-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1177902,1186398,1188232,1188843,1190420,1190693,1190695
CVE References: CVE-2021-3667
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    libvirt-6.0.0-lp152.9.15.1