First published: Tue Jun 29 2021(Updated: )
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei ManageOne | =6.5.1-spc200 | |
Huawei ManageOne | =8.0.0 | |
Huawei ManageOne | =8.0.0-lcnd81 | |
Huawei ManageOne | =8.0.0-rc2 | |
Huawei ManageOne | =8.0.0-rc3 | |
Huawei ManageOne | =8.0.0-rc3.spc100 | |
Huawei ManageOne | =8.0.0-spc100 | |
Huawei ManageOne | =8.0.1 | |
Huawei SMC2.0 | =v600r019c10spc700 | |
Huawei SMC2.0 | =v600r019c10spc702 | |
Huawei SMC2.0 | =v600r019c10spc703 | |
Huawei SMC2.0 | =v600r019c10spc800 | |
Huawei SMC2.0 | =v600r019c10spc900 | |
Huawei SMC2.0 | =v600r019c10spc910 | |
Huawei SMC2.0 | =v600r019c10spc920 | |
Huawei SMC2.0 | =v600r019c10spc921 | |
Huawei SMC2.0 | =v600r019c10spc922 | |
Huawei SMC2.0 | =v600r019c10spc930 | |
Huawei SMC2.0 | =v600r019c10spc931 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22340 is a multiple threads race condition vulnerability in Huawei product.
The severity of CVE-2021-22340 is medium with a CVSS score of 4.1.
CVE-2021-22340 affects Huawei ManageOne versions 6.5.1-spc200, 8.0.0, 8.0.0-lcnd81, 8.0.0-rc2, 8.0.0-rc3, 8.0.0-rc3.spc100, 8.0.0-spc100, and 8.0.1.
CVE-2021-22340 affects Huawei SMC2.0 versions v600r019c10spc700, v600r019c10spc702, v600r019c10spc703, v600r019c10spc800, v600r019c10spc900, v600r019c10spc910, v600r019c10spc920, v600r019c10spc921, v600r019c10spc922, v600r019c10spc930, and v600r019c10spc931.
An attacker with root permissions can exploit CVE-2021-22340 by performing specific operations.