PT-2022-4820 · Libvirt+9 · Libvirt+9

Mauro Matteo Cascella

Published

2022-03-17

Updated

2024-06-15

CVE-2022-0897

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions libvirt (affected versions not specified)

Description The issue is related to insufficient locking in the virNWFilterObjListNumOfNWFilters method of the libvirt library. This allows a malicious, unprivileged user to exploit the issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). The flaw is due to the method failing to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances, leaving no protection against concurrent modification of the driver->nwfilters object by another thread.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2022:8003

BDU:2022-05846

CESA-2022_7472

CVE-2022-0897

DLA-3778-1

OESA-2022-1722

OPENSUSE-SU-2022_1549-1

OPENSUSE-SU-2024:11972-1

RHSA-2022:7472

RHSA-2022:8003

RHSA-2022_7472

RHSA-2022_8003

RLSA-2022:7472

RLSA-2022:8003

SUSE-SU-2022:1540-1

SUSE-SU-2022:1549-1

SUSE-SU-2022_1540-1

SUSE-SU-2022_1549-1

SUSE-SU-2023:2754-1

SUSE-SU-2023_2754-1

USN-5399-1

USN-6126-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libvirt

PT-2022-4820 · Libvirt+9 · Libvirt+9

CVE-2022-0897

Weakness Enumeration

Related Identifiers

Affected Products

References · 152