CVE-2021-25316 - OpenCVE

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suse	Linux Enterprise Server S390-tools

Configuration 1 [-]

AND

cpe:2.3:a:suse:s390-tools:*:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:suse:s390-tools:*:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1182777

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2021-04-14T09:55:12.766065Z

Updated: 2024-09-17T03:32:49.137Z

Reserved: 2021-01-19T00:00:00

Link: CVE-2021-25316

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-14T10:15:13.087

Modified: 2023-04-14T18:50:38.023

Link: CVE-2021-25316

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-25316", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "dateUpdated": "2024-09-17T03:32:49.137Z", "dateReserved": "2021-01-19T00:00:00", "datePublished": "2021-04-14T09:55:12.766065Z"}, "containers": {"cna": {"title": "Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools", "datePublic": "2021-02-28T00:00:00", "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-01-19T00:00:00"}, "descriptions": [{"lang": "en", "value": "A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1."}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Server 12-SP5", "versions": [{"version": "s390-tools", "status": "affected", "lessThan": "2.1.0-18.29.1", "versionType": "custom"}]}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Server 15-SP2", "versions": [{"version": "s390-tools", "status": "affected", "lessThan": "2.11.0-9.20.1", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182777"}], "credits": [{"lang": "en", "value": "Wolfgang Frisch of SUSE"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-377: Insecure Temporary File", "cweId": "CWE-377"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182777", "defect": ["1182777"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:03:05.203Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182777", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:s390-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "9043CC83-B42F-423B-9163-F39CB199A1AC", "versionEndExcluding": "2.1.0-18.29.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:*:*:*:*", "matchCriteriaId": "F6461786-1240-4D6A-B767-9EE3BD4A6DAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:s390-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C429A6-FDD5-479C-BF06-547092526312", "versionEndExcluding": "2.11.0-9.20.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:*:*:*", "matchCriteriaId": "5372BB07-73C9-4DB3-95C4-108C1A06683C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1."}, {"lang": "es", "value": "Una vulnerabilidad de Archivo Temporal No Seguro en s390-tools de SUSE Linux Enterprise Server versi\u00f3n 12-SP5, SUSE Linux Enterprise Server versi\u00f3n 15-SP2, permite a atacantes locales emitir migraciones en vivo de VM. Este problema afecta a: SUSE Linux Enterprise Server versiones 12-SP5 s390-tools anteriores a 2.1.0-18.29.1. SUSE Linux Enterprise Server versiones 15-SP2 s390-tools anteriores a 2.11.0-9.20.1"}], "id": "CVE-2021-25316", "lastModified": "2023-04-14T18:50:38.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2021-04-14T10:15:13.087", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1182777"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "meissner@suse.de", "type": "Primary"}]}