Updated: 2024-04-01 20:26:23.407544
Description:
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4 |
| CVSS Version 3.x | MEDIUM | 4.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | libvirt | 0.10.2 | 4.3 | MEDIUM | Ignored | 2022-04-07 18:56:52 | |
| CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 4.3 | MEDIUM | Released | CLSA-2022:1669237947 | 2022-11-23 16:21:49 |
| CentOS 8.5 ELS | libvirt | 6.0.0-37 | 4.3 | MEDIUM | Released | CLSA-2022:1669238254 | 2022-11-23 16:21:49 |
| CloudLinux 6 ELS | libvirt | 0.10.2 | 4.3 | MEDIUM | Ignored | 2022-04-07 18:56:52 | |
| Oracle Linux 6 ELS | libvirt | 0.10.2 | 4.3 | MEDIUM | Ignored | 2022-04-07 18:56:52 |