Source: libvirt
Version: 8.1.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libvirt.

CVE-2022-0897[0]:
| A flaw was found in the libvirt nwfilter driver. The
| virNWFilterObjListNumOfNWFilters method failed to acquire the
| `driver->nwfilters` mutex before iterating over virNWFilterObj
| instances. There was no protection to stop another thread from
| concurrently modifying the `driver->nwfilters` object. This flaw
| allows a malicious, unprivileged user to exploit this issue via
| libvirt's API virConnectNumOfNWFilters to crash the network
| filter management daemon (libvirtd/virtnwfilterd).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-0897
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0897
[1] https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
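
The locking rule the CVE description refers to, as an added example that is not part of the original report and is not libvirt code: a reader that counts entries in a shared list must hold the list mutex for the whole iteration. The struct, function names and sample data are hypothetical stand-ins built on plain pthreads.

```c
#include <pthread.h>
#include <stdlib.h>
#define N_ADDS ((size_t)2000)
/* Hypothetical stand-in for a driver-owned object list (not libvirt's types). */
struct filter_list {
    pthread_mutex_t lock;   /* guards objs and count */
    int **objs;
    size_t count;
};
static int sample = 1;      /* constructed object that every entry points at */

/* Writer: realloc() may move the array, so a reader must never overlap it. */
static int filter_list_add(struct filter_list *l, int *obj) {
    pthread_mutex_lock(&l->lock);
    int **tmp = realloc(l->objs, (l->count + 1) * sizeof(*tmp));
    if (tmp) { l->objs = tmp; l->objs[l->count++] = obj; }
    pthread_mutex_unlock(&l->lock);
    return tmp ? 0 : -1;
}

/* Reader: takes the list lock before iterating and holds it until done.
 * Without these two lock calls the loop can walk an array freed by realloc(). */
static size_t filter_list_num(struct filter_list *l) {
    size_t n = 0;
    pthread_mutex_lock(&l->lock);
    for (size_t i = 0; i < l->count; i++)
        n += (*l->objs[i] != 0);
    pthread_mutex_unlock(&l->lock);
    return n;
}

static void *writer(void *arg) {
    for (size_t i = 0; i < N_ADDS; i++) filter_list_add(arg, &sample);
    return NULL;
}

/* Count while a writer grows the list; returns the final count, or 0 on an
 * inconsistent intermediate count (went backwards or exceeded N_ADDS). */
size_t count_under_contention(void) {
    struct filter_list l = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    pthread_t t;
    size_t prev = 0, cur, ok = 1;
    if (pthread_create(&t, NULL, writer, &l) != 0) return 0;
    for (size_t i = 0; i < N_ADDS; i++, prev = cur) {
        cur = filter_list_num(&l);
        if (cur < prev || cur > N_ADDS) ok = 0;
    }
    pthread_join(t, NULL);
    cur = filter_list_num(&l);
    free(l.objs);
    return ok ? cur : 0;
}
```

Building with `-fsanitize=thread` and removing the lock calls from the reader makes the sanitizer report the data race between the two threads.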