Launchpad.net

CVE 2022-0897

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Related bugs and status

CVE-2022-0897 (Candidate) is related to these bugs:

Bug #1971289: Merge libvirt from Debian unstable for kinetic

Summary				In	Importance	Status
	1971289	Merge libvirt from Debian unstable for kinetic		libvirt (Ubuntu)	Undecided	Fix Released

Bug #1980134: Storage Pools: Add support for minor NFS versions

Summary				In	Importance	Status
	1980134	Storage Pools: Add support for minor NFS versions		libvirt (Ubuntu)	Medium	Fix Released

Bug #1982896: libvirtd cannot launch VMs with SGX enabled

Summary				In	Importance	Status
	1982896	libvirtd cannot launch VMs with SGX enabled		libvirt (Ubuntu)	High	Fix Released
	1982896	libvirtd cannot launch VMs with SGX enabled		libvirt (Ubuntu Jammy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
GENTOO: GLSA-202210-06