CVE-2021-22340
MEDIUMHuawei ManageOne and SMC2.0 - Denial of Service via Concurrent I/O Read Race Condition
Title source: llmDescription
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210428-01-racecondition-en
Scores
CVSS v3
4.1
EPSS
0.0002
EPSS Percentile
3.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (14)
huawei/manageone
6.5.1 spc200
huawei/manageone
8.0.0 (6 CPE variants)
huawei/manageone
8.0.1
huawei/smc2.0
v600r019c10spc700
huawei/smc2.0
v600r019c10spc702
huawei/smc2.0
v600r019c10spc703
huawei/smc2.0
v600r019c10spc800
huawei/smc2.0
v600r019c10spc900
huawei/smc2.0
v600r019c10spc910
huawei/smc2.0
v600r019c10spc920
... and 4 more
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026