CVE-2022-0897

Опубликовано: 17 мар. 2022

Источник: redhat

CVSS3: 5

EPSS Низкий

Описание

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Отчет

A future update may address this issue in Red Hat Enterprise Linux 8 and RHEL Advanced Virtualization.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	libvirt	Out of support scope
Red Hat Enterprise Linux 7	libvirt	Out of support scope
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:8.2/libvirt	Fix deferred
Red Hat Enterprise Linux 8 Advanced Virtualization	virt:av/libvirt	Fix deferred
Red Hat Enterprise Linux 8	virt-devel	Fixed	RHSA-2022:7472	08.11.2022
Red Hat Enterprise Linux 8	virt	Fixed	RHSA-2022:7472	08.11.2022
Red Hat Enterprise Linux 9	libvirt	Fixed	RHSA-2022:8003	15.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-667

https://bugzilla.redhat.com/show_bug.cgi?id=2063883libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service

EPSS

Процентиль: 13%

0.00045

Низкий

5 Medium

CVSS3

Связанные уязвимости

CVE-2022-0897

CVSS3: 4.3

ubuntu

около 3 лет назад

CVE-2022-0897

CVSS3: 4.3

nvd

около 3 лет назад

CVE-2022-0897

CVSS3: 4.3

debian

около 3 лет назад

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...

SUSE-SU-2023:2754-1

suse-cvrf

почти 2 года назад

Security update for libvirt

SUSE-SU-2022:1549-1

suse-cvrf

около 3 лет назад

Security update for libvirt

EPSS

Процентиль: 13%

0.00045

Низкий

5 Medium

CVSS3