Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
libvirt.29542
a4947e8f-nwfilter-CVE-2022-0897.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File a4947e8f-nwfilter-CVE-2022-0897.patch of Package libvirt.29542
commit a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Tue Mar 8 17:28:38 2022 +0000 nwfilter: fix crash when counting number of network filters The virNWFilterObjListNumOfNWFilters method iterates over the driver->nwfilters, accessing virNWFilterObj instances. As such it needs to be protected against concurrent modification of the driver->nwfilters object. This API allows unprivileged users to connect, so users with read-only access to libvirt can cause a denial of service crash if they are able to race with a call of virNWFilterUndefine. Since network filters are usually statically defined, this is considered a low severity problem. This is assigned CVE-2022-0897. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Index: libvirt-7.1.0/src/nwfilter/nwfilter_driver.c =================================================================== --- libvirt-7.1.0.orig/src/nwfilter/nwfilter_driver.c +++ libvirt-7.1.0/src/nwfilter/nwfilter_driver.c @@ -478,11 +478,15 @@ nwfilterLookupByName(virConnectPtr conn, static int nwfilterConnectNumOfNWFilters(virConnectPtr conn) { + int ret; if (virConnectNumOfNWFiltersEnsureACL(conn) < 0) return -1; - return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn, - virConnectNumOfNWFiltersCheckACL); + nwfilterDriverLock(); + ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn, + virConnectNumOfNWFiltersCheckACL); + nwfilterDriverUnlock(); + return ret; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor