CVE-2022-0897

Published: 25 March 2022

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Priority

CVSS 3 base score: 4.3

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	bionic	Released (4.0.0-1ubuntu8.21)
	focal	Released (6.0.0-0ubuntu8.16)
	impish	Released (7.6.0-0ubuntu1.2)
	jammy	Needed
	trusty	Needs triage
	upstream	Needs triage
	xenial	Needs triage

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›