Bugzilla – Bug 1201064
VUL-0: CVE-2022-2211: Libguestfs: Buffer overflow in get_keys leads to DOS
Last modified: 2024-05-14 15:50:04 UTC
Created attachment 859933
Upstream Fix

A buffer overflow was found in get_keys().

When calculating the greatest possible number of matching keys in get_keys(), the current expression

  MIN (1, ks->nr_keys)

is wrong -- it will return at most 1.

If all "nr_keys" keys match however, then we require "nr_keys" non-NULL entries in the result array; in other words, we need

  MAX (1, ks->nr_keys)

(The comment just above the expression is correct; the code is wrong.)

This buffer overflow is easiest to trigger in those guestfs tools that parse the "--key" option in C; that is, with "OPTION_key". For example, the command

  $ virt-cat $(seq -f '--key /dev/sda2:key:%g' 200) -d DOMAIN /no-such-file

which passes 200 (different) passphrases for the LUKS-encrypted block device "/dev/sda2", crashes with a SIGSEGV.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2100862

Only libguestfs in SLE15-SP4 and Tumbleweed are affected.
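Added example, not part of the original report and not libguestfs code: a simplified C model of the MIN/MAX sizing error described above. The struct and function names are hypothetical, the keys are constructed, and the collector is bounds-checked so that it counts the writes that would land outside the array instead of performing them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))
#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Hypothetical stand-ins for the key store in the report, not libguestfs types. */
struct key { const char *device, *passphrase; };
struct key_store { struct key *keys; size_t nr_keys; };

/* Greatest possible number of non-NULL result entries: before and after the fix. */
size_t capacity_buggy(const struct key_store *ks) { return MIN((size_t)1, ks->nr_keys); }
size_t capacity_fixed(const struct key_store *ks) { return MAX((size_t)1, ks->nr_keys); }

/* Fill a NULL-terminated array of `cap` entries with the passphrases for `device`.
 * Bounds-checked: returns how many matches an unchecked loop would write past the end. */
size_t collect_keys(const struct key_store *ks, const char *device, size_t cap)
{
    const char **r = calloc(cap + 1, sizeof *r);
    size_t n = 0, outside = 0;
    if (r == NULL) return (size_t)-1;
    for (size_t i = 0; i < ks->nr_keys; i++) {
        if (strcmp(ks->keys[i].device, device) != 0) continue;
        if (n < cap) r[n++] = ks->keys[i].passphrase;
        else outside++;
    }
    free(r);
    return outside;
}

/* Build `nr_keys` constructed keys for /dev/sda2, mirroring the 200 --key options. */
size_t out_of_bounds_writes(size_t nr_keys, int fixed)
{
    struct key *keys = calloc(nr_keys ? nr_keys : 1, sizeof *keys);
    struct key_store ks = { keys, nr_keys };
    if (keys == NULL) return (size_t)-1;
    for (size_t i = 0; i < nr_keys; i++)
        keys[i] = (struct key){ "/dev/sda2", "constructed-passphrase" };
    size_t cap = fixed ? capacity_fixed(&ks) : capacity_buggy(&ks);
    size_t outside = collect_keys(&ks, "/dev/sda2", cap);
    free(keys);
    return outside;
}

int main(void)
{
    printf("outside writes with MIN: %zu, with MAX: %zu\n",
           out_of_bounds_writes(200, 0), out_of_bounds_writes(200, 1));
    return 0;
}
```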
Created attachment 859934
Upstream documentation for the fix
Packages affected in SLE15-SP4
  libguestfs
  virt-v2v

Packages affected in Tumbleweed
  libguestfs
  guestfs-tools
  virt-v2v
This is an autogenerated message for OBS integration:
This bug (1201064) was mentioned in
https://build.opensuse.org/request/show/986262 Factory / libguestfs
https://build.opensuse.org/request/show/986263 Factory / guestfs-tools
https://build.opensuse.org/request/show/986264 Factory / virt-v2v
SUSE-SU-2022:2581-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1201064
CVE References: CVE-2022-2211
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): libguestfs-1.44.2-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): libguestfs-1.44.2-150400.3.3.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src): libguestfs-1.44.2-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Charles, could you please submit to SUSE:SLE-15-SP4:Update/virt-v2v? :)
Submissions complete. Assigning back to security team.
SUSE-SU-2022:4308-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1201064
CVE References: CVE-2022-2211
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): virt-v2v-1.44.2-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): virt-v2v-1.44.2-150400.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done