CWE
362
Advisory Published
Updated

CVE-2021-22340: Race Condition

First published: Tue Jun 29 2021(Updated: )

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei ManageOne=6.5.1-spc200
Huawei ManageOne=8.0.0
Huawei ManageOne=8.0.0-lcnd81
Huawei ManageOne=8.0.0-rc2
Huawei ManageOne=8.0.0-rc3
Huawei ManageOne=8.0.0-rc3.spc100
Huawei ManageOne=8.0.0-spc100
Huawei ManageOne=8.0.1
Huawei SMC2.0=v600r019c10spc700
Huawei SMC2.0=v600r019c10spc702
Huawei SMC2.0=v600r019c10spc703
Huawei SMC2.0=v600r019c10spc800
Huawei SMC2.0=v600r019c10spc900
Huawei SMC2.0=v600r019c10spc910
Huawei SMC2.0=v600r019c10spc920
Huawei SMC2.0=v600r019c10spc921
Huawei SMC2.0=v600r019c10spc922
Huawei SMC2.0=v600r019c10spc930
Huawei SMC2.0=v600r019c10spc931

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-22340?

    CVE-2021-22340 is a multiple threads race condition vulnerability in Huawei product.

  • What is the severity of CVE-2021-22340?

    The severity of CVE-2021-22340 is medium with a CVSS score of 4.1.

  • How does CVE-2021-22340 affect Huawei ManageOne?

    CVE-2021-22340 affects Huawei ManageOne versions 6.5.1-spc200, 8.0.0, 8.0.0-lcnd81, 8.0.0-rc2, 8.0.0-rc3, 8.0.0-rc3.spc100, 8.0.0-spc100, and 8.0.1.

  • How does CVE-2021-22340 affect Huawei SMC2.0?

    CVE-2021-22340 affects Huawei SMC2.0 versions v600r019c10spc700, v600r019c10spc702, v600r019c10spc703, v600r019c10spc800, v600r019c10spc900, v600r019c10spc910, v600r019c10spc920, v600r019c10spc921, v600r019c10spc922, v600r019c10spc930, and v600r019c10spc931.

  • How can an attacker exploit CVE-2021-22340?

    An attacker with root permissions can exploit CVE-2021-22340 by performing specific operations.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203