Bug 2050324 (CVE-2022-0485)
Summary: | CVE-2022-0485 libnbd: nbdcopy: missing error handling may create corrupted destination image | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | eblake, lersek, rjones, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libnbd 1.11.8 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the `*error` parameter. This could result in the silent creation of a corrupted destination image. |
Last Closed: | 2022-05-12 09:45:44 UTC | Type: | --- |
Bug Depends On: | 2045718, 2046194, 2050325, 2050338, 2050339, 2050340 | ||
Bug Blocks: | 2050309, 2050326 |
Description
Mauro Matteo Cascella
2022-02-03 17:02:34 UTC
Created libnbd tracking bugs for this issue:

Affects: fedora-all [bug 2050325]

Thanks!

Libnbd security advisory: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html

This issue has been addressed in the following products:

Advanced Virtualization for RHEL 8.5.0.Z

Via RHSA-2022:0949 https://access.redhat.com/errata/RHSA-2022:0949

This issue has been addressed in the following products:

Advanced Virtualization for RHEL 8.4.0.EUS

Via RHSA-2022:0971 https://access.redhat.com/errata/RHSA-2022:0971

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2022:1759 https://access.redhat.com/errata/RHSA-2022:1759

This issue has been addressed in the following products:

Advanced Virtualization for RHEL 8.6.0

Via RHSA-2022:2181 https://access.redhat.com/errata/RHSA-2022:2181

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-0485

A simple reproducer for this is:

```
nbdcopy -p -- [ nbdkit --filter=error pattern 5M error-pread-rate=1 ] null:
```

This command will exit with success (status code 0) if the bug is present and exit with an error (status code 1) if the bug is fixed. Note that nbdkit error messages will be printed either way.

As far as Red Hat CVSS score is concerned, this is a data corruption issue with integrity impact (for a failed read by source NBD server) and confidentiality impact (for a failed write by destination NBD server). In both cases Low impact (C:L/I:L) as the attacker has no control over what information is modified/obtained. No direct compromise of availability (A:N).
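The bug class described in the Doc Text, as an added example that is not taken from nbdcopy or libnbd: a self-contained C model in which one asynchronous read fails and the completion callback either ignores or checks `*error`. The names `fake_async_read`, `copy_image`, `cb_unchecked` and `cb_checked` are hypothetical, and the 16-byte source image is constructed.

```c
/* Model of the bug class; not libnbd or nbdcopy source. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 4
#define NCHUNKS 4

/* Same shape as a libnbd completion callback: status arrives via *error. */
typedef int (*completion_cb)(void *user_data, int *error);
struct copy_state { int failed; };

/* Pre-fix pattern: completion is treated as success, *error is ignored. */
static int cb_unchecked(void *user_data, int *error) {
    (void)user_data; (void)error;
    return 1;
}

/* Fixed pattern: a non-zero *error marks the whole copy as failed. */
static int cb_checked(void *user_data, int *error) {
    if (*error) ((struct copy_state *)user_data)->failed = *error;
    return 1;
}

/* Hypothetical stand-in for an async read: chunk `bad` fails with EIO and
 * leaves the destination untouched, as a failed pread would. */
static void fake_async_read(const char *src, char *dst, int i, int bad,
                            completion_cb cb, void *user_data) {
    int err = (i == bad) ? EIO : 0;
    if (!err) memcpy(dst + i * CHUNK, src + i * CHUNK, CHUNK);
    cb(user_data, &err);
}

/* Returns 0 if the copy reports success, -1 if it reports failure. */
int copy_image(const char *src, char *dst, int bad, completion_cb cb) {
    struct copy_state st = {0};
    memset(dst, 0, CHUNK * NCHUNKS);
    for (int i = 0; i < NCHUNKS; i++)
        fake_async_read(src, dst, i, bad, cb, &st);
    return st.failed ? -1 : 0;
}

int main(void) {
    const char src[] = "AAAABBBBCCCCDDDD"; /* constructed sample image */
    char dst[CHUNK * NCHUNKS];
    printf("unchecked: rc=%d\n", copy_image(src, dst, 2, cb_unchecked));
    printf("checked:   rc=%d\n", copy_image(src, dst, 2, cb_checked));
    return 0;
}
```

With the unchecked callback the copy reports success although the destination differs from the source, which matches the reproducer's exit status 0 on an affected build.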