Site icon API Security Blog

EulerOS Virtualization 2.9.1 : libvirt (EulerOS-SA-2022-2373)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

– A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). (CVE-2022-0897)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.Read More

Exit mobile version