CVE-2022-46174— Race condition during concurrent TLS mounts in efs-utils

Race condition during concurrent TLS mounts in efs-utils

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

使用共享资源的并发执行不恰当同步问题(竞争条件)

Amazon efs-utils 竞争条件问题漏洞

Amazon efs-utils是美国亚马逊（Amazon）公司的Amazon的EFS工具。 Amazon efs-utils v1.34.4之前版本存在竞争条件问题漏洞，该漏洞源于存在潜在的竞争条件问题,并发的挂载操作可能会分配相同的本地端口，导致挂载操作失败或者从EFS客户的本地挂载点到该客户的EFS文件系统的不适当的映射。

N/A

N/A