Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability in openEuler iSulad on Linux
CVE-2021-33632

7HIGH

Key Information:

Vendor: Openeuler
Status: Isulad
Vendor: CVE Published:; 25 March 2024

What is CVE-2021-33632?

A race condition vulnerability has been identified in openEuler's iSulad that leverages Time-of-Check and Time-of-Use (TOCTOU) mechanisms. This issue could allow unauthorized access or modification of program files, impacting the overall security and performance of systems utilizing iSulad. The affected versions include iSulad: 2.0.18-13 and the range from iSulad: 2.1.4-1 to 2.1.4-2. Addressing this vulnerability is imperative for maintaining secure operations and protecting sensitive data.

Affected Version(s)

iSulad Linux 2.0.18-13

iSulad Linux 2.1.4-1 <= 2.1.4-2

References

https://www.openeuler.org/zh/security/security-bulletins/...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2024
Vulnerability Reserved
May 28, 2021

Credit

[email protected]

Openeuler

What is CVE-2021-33632?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit