Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-0897

Published: 25 March 2022

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Priority

Low

CVSS 3 base score: 4.3

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
bionic
Released (4.0.0-1ubuntu8.21)
focal
Released (6.0.0-0ubuntu8.16)
impish
Released (7.6.0-0ubuntu1.2)
jammy Needed

kinetic Needed

trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36