836128 – (CVE-2022-0897) <app-emulation/libvirt-8.2.0: unprivileged daemon DoS

Bug 836128 (CVE-2022-0897) - <app-emulation/libvirt-8.2.0: unprivileged daemon DoS

Summary: <app-emulation/libvirt-8.2.0: unprivileged daemon DoS

Status:	IN_PROGRESS

Alias:	CVE-2022-0897

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://gitlab.com/libvirt/libvirt/-/...
Whiteboard:	B3 [glsa cleanup]
Keywords:

Depends on:	872428
Blocks:
	Show dependency tree

Reported:	2022-03-26 05:11 UTC by John Helmert III
Modified:	2022-10-16 15:14 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-03-26 05:11:33 UTC

CVE-2022-0897:

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Comment 1 Larry the Git Cow gentoo-dev

2022-04-03 04:36:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f80abc70fa18166129b827b6ed4c671cb5c656b0

commit f80abc70fa18166129b827b6ed4c671cb5c656b0
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-04-03 04:04:09 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-04-03 04:35:37 +0000

    app-emulation/libvirt: add 8.2.0
    
    * Add 8.2.0
    * Tighten up some lower bounds on dependencies
    * Add shorewall to init script 'after'
    
    Bug: https://bugs.gentoo.org/836128
    Closes: https://bugs.gentoo.org/833754
    Closes: https://bugs.gentoo.org/831121
    Signed-off-by: Sam James <sam@gentoo.org>

 app-emulation/libvirt/Manifest                |   2 +
 app-emulation/libvirt/files/libvirtd.init-r19 |   2 +-
 app-emulation/libvirt/libvirt-8.2.0.ebuild    | 336 ++++++++++++++++++++++++++
 app-emulation/libvirt/libvirt-9999.ebuild     |  52 ++--
 app-emulation/libvirt/metadata.xml            |   4 +
 5 files changed, 368 insertions(+), 28 deletions(-)

Comment 2 John Helmert III archtester

2022-10-14 03:24:45 UTC

GLSA request filed

Comment 3 Larry the Git Cow gentoo-dev

2022-10-16 14:46:10 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=48e6804ed5fa75343b7496c1033000fda3741b42

commit 48e6804ed5fa75343b7496c1033000fda3741b42
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:42:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:45:24 +0000

    [ GLSA 202210-06 ] libvirt: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/746119
    Bug: https://bugs.gentoo.org/799713
    Bug: https://bugs.gentoo.org/812317
    Bug: https://bugs.gentoo.org/836128
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-06.xml | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

Comment 4 John Helmert III archtester

2022-10-16 15:14:11 UTC

Michal, tamiko, any reason to keep old libvirts around here?