merged. Bruce
In message: [meta-virtualization] [hardknott][PATCH] libvirt: fix CVE-2022-0897 on 13/04/2022 Changqing Li wrote: > From: Changqing Li <[email protected]> > > Signed-off-by: Changqing Li <[email protected]> > --- > .../libvirt/libvirt/CVE-2022-0897.patch | 57 +++++++++++++++++++ > recipes-extended/libvirt/libvirt_6.3.0.bb | 1 + > 2 files changed, 58 insertions(+) > create mode 100644 recipes-extended/libvirt/libvirt/CVE-2022-0897.patch > > diff --git a/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch > b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch > new file mode 100644 > index 0000000..e98f40b > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch > @@ -0,0 +1,57 @@ > +From d470667167fa585d2bc3b996fb3bf2786d44be9a Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <[email protected]> > +Date: Tue, 8 Mar 2022 17:28:38 +0000 > +Subject: [PATCH] nwfilter: fix crash when counting number of network filters > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The virNWFilterObjListNumOfNWFilters method iterates over the > +driver->nwfilters, accessing virNWFilterObj instances. As such > +it needs to be protected against concurrent modification of > +the driver->nwfilters object. > + > +This API allows unprivileged users to connect, so users with > +read-only access to libvirt can cause a denial of service > +crash if they are able to race with a call of virNWFilterUndefine. > +Since network filters are usually statically defined, this is > +considered a low severity problem. > + > +This is assigned CVE-2022-0897. > + > +Reviewed-by: Eric Blake <[email protected]> > +Signed-off-by: Daniel P. Berrangé <[email protected]> > + > +Upstream-Status: Backport > [https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36] > +CVE: CVE-2022-0897 > + > +Signed-off-by: Changqing Li <[email protected]> > +--- > + src/nwfilter/nwfilter_driver.c | 8 ++++++-- > + 1 file changed, 6 insertions(+), 2 deletions(-) > + > +diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c > +index 1c40772..27500d1 100644 > +--- a/src/nwfilter/nwfilter_driver.c > ++++ b/src/nwfilter/nwfilter_driver.c > +@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn, > + static int > + nwfilterConnectNumOfNWFilters(virConnectPtr conn) > + { > ++ int ret; > + if (virConnectNumOfNWFiltersEnsureACL(conn) < 0) > + return -1; > + > +- return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn, > +- virConnectNumOfNWFiltersCheckACL); > ++ nwfilterDriverLock(); > ++ ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn, > ++ > virConnectNumOfNWFiltersCheckACL); > ++ nwfilterDriverUnlock(); > ++ return ret; > + } > + > + > +-- > +2.25.1 > + > diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb > b/recipes-extended/libvirt/libvirt_6.3.0.bb > index 8e95ad6..48e5b58 100644 > --- a/recipes-extended/libvirt/libvirt_6.3.0.bb > +++ b/recipes-extended/libvirt/libvirt_6.3.0.bb > @@ -47,6 +47,7 @@ SRC_URI = > "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > file://CVE-2021-3631.patch \ > > file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \ > file://CVE-2021-3975.patch \ > + file://CVE-2022-0897.patch \ > " > > SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02" > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7170): https://lists.yoctoproject.org/g/meta-virtualization/message/7170 Mute This Topic: https://lists.yoctoproject.org/mt/90433217/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
