A flaw was found in nbdcopy. When copying from an NBD server using the asynchronous copy mode (the default), nbdcopy may create a corrupted destination image if a read or write NBD command starts but the server returns an error. nbdcopy also exits with a zero exit code, so programs running it cannot detect that the operation failed. Upstream patch proposed: https://listman.redhat.com/archives/libguestfs/2022-February/msg00039.html
Created libnbd tracking bugs for this issue: Affects: fedora-all [bug 2050325]
Thanks!
Patch v2: https://listman.redhat.com/archives/libguestfs/2022-February/msg00059.html
Upstream commit: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb
Libnbd security advisory: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.5.0.Z Via RHSA-2022:0949 https://access.redhat.com/errata/RHSA-2022:0949
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.4.0.EUS Via RHSA-2022:0971 https://access.redhat.com/errata/RHSA-2022:0971
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1759 https://access.redhat.com/errata/RHSA-2022:1759
This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.6.0 Via RHSA-2022:2181 https://access.redhat.com/errata/RHSA-2022:2181
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0485
A simple reproducer for this is:
    nbdcopy -p -- [ nbdkit --filter=error pattern 5M error-pread-rate=1 ] null:
This command will exit with success (status code 0) if the bug is present and exit with an error (status code 1) if the bug is fixed. Note that nbdkit error messages will be printed either way.
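The reproducer above wrapped as a host check, as an added example that is not part of the original bug thread. The function name, the result strings and the return codes (0 fixed, 1 vulnerable, 2 unknown) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the installed nbdcopy with the reproducer from the bug.
# Return codes (assumed convention): 0 = fixed, 1 = vulnerable, 2 = unknown.

check_nbdcopy_cve_2022_0485() {
    # Both tools are required; report "unknown" instead of guessing.
    for tool in nbdcopy nbdkit; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "unknown: $tool not found"
            return 2
        fi
    done

    # Source: nbdkit pattern plugin behind the error filter, so every pread fails.
    # Destination: null:, so nothing is written to disk.
    # nbdkit prints error messages either way, so output is discarded and only
    # the exit status of nbdcopy is interpreted.
    status=0
    nbdcopy -p -- [ nbdkit --filter=error pattern 5M error-pread-rate=1 ] null: \
        >/dev/null 2>&1 || status=$?

    case "$status" in
        0)
            echo "vulnerable: nbdcopy exited 0 although the reads failed"
            return 1
            ;;
        1)
            echo "fixed: nbdcopy reported the failed copy"
            return 0
            ;;
        *)
            # Anything else (signal, missing plugin or filter) is not a verdict.
            echo "unknown: unexpected exit status $status"
            return 2
            ;;
    esac
}

# Usage: check_nbdcopy_cve_2022_0485; echo "result code: $?"
```

A result of "unknown" means the reproducer itself could not run as intended, for example because the nbdkit error filter is not installed.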
As far as the Red Hat CVSS score is concerned, this is a data corruption issue with integrity impact (for a failed read by the source NBD server) and confidentiality impact (for a failed write by the destination NBD server). In both cases the impact is Low (C:L/I:L), as the attacker has no control over what information is modified/obtained. No direct compromise of availability (A:N).