CVE-2022-0897

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-0897
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0897.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0897
Downstream
Related
Published
2022-03-25T00:00:00Z
Modified
2026-05-15T11:53:59.310419995Z
Summary
[none]
Details

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

Database specific 
{
    "cwe_ids": [
        "CWE-667"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "libvirt 8.0.0-8"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0897.json",
    "cna_assigner": "redhat"
}
References

Affected packages