Search for vulnerabilities
Vulnerability details: VCID-3bv6-r7q8-aaaq
Vulnerability ID VCID-3bv6-r7q8-aaaq
Aliases CVE-2021-20316
Summary A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1756
rhas Moderate https://access.redhat.com/errata/RHSA-2022:2074
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20316.json
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00360 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
epss 0.01576 https://api.first.org/data/v1/epss?cve=CVE-2021-20316
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20316
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-20316
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20316.json
https://access.redhat.com/security/cve/CVE-2021-20316
https://api.first.org/data/v1/epss?cve=CVE-2021-20316
https://bugzilla.redhat.com/show_bug.cgi?id=2009673
https://bugzilla.samba.org/show_bug.cgi?id=14842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20316
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202309-06
https://security-tracker.debian.org/tracker/CVE-2021-20316
https://www.samba.org/samba/security/CVE-2021-20316.html
1004690 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004690
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*
CVE-2021-20316 https://nvd.nist.gov/vuln/detail/CVE-2021-20316
RHSA-2022:1756 https://access.redhat.com/errata/RHSA-2022:1756
RHSA-2022:2074 https://access.redhat.com/errata/RHSA-2022:2074
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20316.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.55793
EPSS Score 0.00179
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.