Your submission was sent successfully! Close

CVE-2022-0897

Published: 25 March 2022

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Priority

Low

CVSS 3 base score: 4.3

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
bionic
Released (4.0.0-1ubuntu8.21)
focal
Released (6.0.0-0ubuntu8.16)
impish
Released (7.6.0-0ubuntu1.2)
jammy Needed

trusty Needs triage

upstream Needs triage

xenial Needs triage