
exploitDog


CVE-2022-0485

Published: 27 Jan 2022
Source: redhat
CVSS3: 4.8

Description

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
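
The unchecked-completion pattern described above, next to a checked form, as an added example that is not nbdcopy's or libnbd's own code. The callback shape with a `void *user_data` and an `int *error` argument is assumed from the description; `copy_state`, `run_copy`, `SAMPLE_RESULTS` and both callbacks are hypothetical names, and the event loop is a constructed stand-in so the example runs without an NBD server.

```c
#include <errno.h>
#include <stdio.h>
/* Hypothetical stand-in for an async completion callback: called when a
 * command retires; *error is 0 on success, otherwise an errno value. */
typedef int (*completion_cb)(void *user_data, int *error);
struct copy_state {
    unsigned copied;      /* blocks the tool believes were copied */
    unsigned failed;      /* completions that reported an error */
    int first_errno;      /* first error observed, 0 if none */
};

/* Constructed sample: the second of three commands fails with EIO. */
static const int SAMPLE_RESULTS[3] = { 0, EIO, 0 };

/* Flawed pattern (CWE-252): completion alone is treated as success. */
static int finished_unchecked(void *user_data, int *error)
{
    struct copy_state *s = user_data;
    (void)error;                      /* never inspected */
    s->copied++;
    return 1;
}

/* Checked pattern: a non-zero *error is recorded instead of counted as copied. */
static int finished_checked(void *user_data, int *error)
{
    struct copy_state *s = user_data;
    if (*error == 0) { s->copied++; return 1; }
    s->failed++;
    if (s->first_errno == 0) s->first_errno = *error;
    return 1;
}

/* Constructed event loop: retires n commands with the given results. */
static struct copy_state run_copy(completion_cb cb, const int *results, int n)
{
    struct copy_state s = { 0, 0, 0 };
    for (int i = 0; i < n; i++) { int err = results[i]; cb(&s, &err); }
    return s;
}

int main(void)
{
    struct copy_state bad = run_copy(finished_unchecked, SAMPLE_RESULTS, 3);
    struct copy_state ok = run_copy(finished_checked, SAMPLE_RESULTS, 3);
    printf("unchecked: copied=%u failed=%u\n", bad.copied, bad.failed);
    printf("checked:   copied=%u failed=%u errno=%d\n", ok.copied, ok.failed, ok.first_errno);
    return 0;
}
```

With the unchecked callback the failed command is counted as copied, so nothing signals that the destination is incomplete; the checked callback leaves a non-zero `failed` count the caller can turn into a non-zero exit status.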

Mitigation

Use of nbdcopy --synchronous will avoid undetected data corruption, but comes at a potential performance cost by avoiding the speed benefits of asynchronous operations. See the upstream security advisory for more information.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/libnbd | Not affected | | |
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libnbd | Affected | | |
| Red Hat Enterprise Linux 9 | libnbd | Not affected | | |
| Advanced Virtualization for RHEL 8.4.0.EUS | virt | Fixed | RHSA-2022:0971 | 21.03.2022 |
| Advanced Virtualization for RHEL 8.4.0.EUS | virt-devel | Fixed | RHSA-2022:0971 | 21.03.2022 |
| Advanced Virtualization for RHEL 8.5.0.Z | virt | Fixed | RHSA-2022:0949 | 16.03.2022 |
| Advanced Virtualization for RHEL 8.5.0.Z | virt-devel | Fixed | RHSA-2022:0949 | 16.03.2022 |
| Advanced Virtualization for RHEL 8.6.0 | virt | Fixed | RHSA-2022:2181 | 11.05.2022 |
| Advanced Virtualization for RHEL 8.6.0 | virt-devel | Fixed | RHSA-2022:2181 | 11.05.2022 |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2022:1759 | 10.05.2022 |


Additional information

Status: Moderate
Weakness: CWE-252
https://bugzilla.redhat.com/show_bug.cgi?id=2050324 libnbd: nbdcopy: missing error handling may create corrupted destination image

4.8 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.8
ubuntu
almost 3 years ago

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

CVSS3: 4.8
nvd
almost 3 years ago

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

CVSS3: 4.8
debian
almost 3 years ago

A flaw was found in the copying tool `nbdcopy` of libnbd. When perform ...

suse-cvrf
almost 3 years ago

Security update for libnbd

suse-cvrf
almost 3 years ago

Security update for libnbd
