[Libguestfs] [libnbd PATCH] copy: Fail nbdcopy if NBD read or write fails
Laszlo Ersek
lersek at redhat.com
Fri Feb 4 08:26:09 UTC 2022
On 02/03/22 02:50, Eric Blake wrote:
> FIXME: This is CVE-2022-XXXXX (still awaiting assignment of the CVE number).
>
> nbdcopy has a nasty bug when performing multi-threaded copies using
> asynchronous nbd calls - it was blindly treating the completion of an
> asynchronous command as successful, rather than checking the *error
> parameter. This can result in the silent creation of a corrupted
> image in two different ways: when a read fails, we blindly wrote
> garbage to the destination; when a write fails, we did not flag that
> the destination was not written.
BTW: why is this a CVE? How is this exploitable for an attacker?
Thanks
Laszlo
More information about the Libguestfs
mailing list