CVE-2022-0897
N/A
N/A
Summary
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | libvirt | libvirt 8.0.0-8 | affected |
Weaknesses
- CWE-667: CWE-667
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2063883
- https://security.gentoo.org/glsa/202210-06
- https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2063883
- https://security.gentoo.org/glsa/202210-06
- https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.