CVE-2021-33632

low-risk
Published 2024-03-25

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

References (14)

https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal