CVE-2022-0897

2022-03-2519:15:10

Google

osv.dev

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.196 Low

EPSS

Percentile

96.2%

JSON

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

CPENameOperatorVersion
libvirteqCVE-2013-1962
libvirteqLIBVIRT_0_1_9
libvirteq1.0.3-rc1
libvirteqLIBVIRT_0_1_4
libvirteq0.7.0
libvirteq0.3.0
libvirteq1.0.2
libvirteq0.9.13
libvirteq1.0.4
libvirteq0.8.4

Name	Operator	Version
libvirt	eq	CVE-2013-1962
libvirt	eq	LIBVIRT_0_1_9
libvirt	eq	1.0.3-rc1
libvirt	eq	LIBVIRT_0_1_4
libvirt	eq	0.7.0
libvirt	eq	0.3.0
libvirt	eq	1.0.2
libvirt	eq	0.9.13
libvirt	eq	1.0.4
libvirt	eq	0.8.4