Unrated severityNVD Advisory· Published Mar 25, 2022· Updated Aug 2, 2024

CVE-2022-0897

Description

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Affected products

Alpinelinux/Libvirtv5
Range: libvirt 8.0.0-8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202210-06mitrevendor-advisory
lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000