Headline
CVE-2022-0897: nwfilter: fix crash when counting number of network filters (a4947e8f) · Commits · libvirt / libvirt · GitLab
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters
mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters
object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Commit a4947e8f authored Mar 08, 2022 by 💬
Browse files
- Changes 1
…
…
@@ -478,11 +478,15 @@ nwfilterLookupByName(virConnectPtr conn,
static int
nwfilterConnectNumOfNWFilters(virConnectPtr conn)
{
int ret;
if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
return -1;
return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
virConnectNumOfNWFiltersCheckACL);
nwfilterDriverLock();
ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
virConnectNumOfNWFiltersCheckACL);
nwfilterDriverUnlock();
return ret;
}
…
…
- mentioned in commit OE4T/meta-virtualization@a63a54df3170fed387f810f23cdc2f483ad587df
Related news
Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.
An update for libvirt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3507: QEMU: fdc: heap buffer overflow in DMA read data transfers * CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service * CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS * CVE-2022-23645: swtpm: Unchecked header size indicator against expected size
Gentoo Linux Security Advisory 202210-6 - Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service. Versions less than 8.2.0 are affected.
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).