CVE-2022-0207 A race condition was found in vdsm
This issue was found in vdsm that allowed the storage of the values of sensitive vdsm functions in the log files.
These values may then be exposed in the logs of other VMs, possibly allowing attackers to determine the names of other VMs on the same physical host, allowing them to be targeted with further attacks.
In vdsm a race condition was found that could allow malicious code to be executed on the host machine. This issue was found in vdsm that could allow malicious code to be executed on the host machine.
In vdsm a code path was found where a malicious user could obtain host OS privileges. In VDSM a code path was found where a malicious user could obtain host OS privileges.
What is VDSM?
VDSM is the Virtual Data Storage Manager. It is a program that manages storage in virtual machines on a physical host machine such as vdsm.
This issue was found in VDSM, which may allow malicious code to be executed on the host machine. In VDSM, a race condition was found that could allow malicious code to be executed on the host machine. In VDSM, a code path was found where a malicious user could obtain host OS privileges.
The following bulletin has been published to address this CVE:
References:
- https://www.kb.cert.org/vuls/id/2022-0207
- https://blog.thawte.com/2018/02/07/summary-of-recent-vulnerability-reports
Vulnerability Dissection
CERT-VULN-22211 - VDSM Information Disclosure and Privilege Escalation
This issue was found in vdsm that allowed the storage of the values of sensitive vdsm functions in the log files. These values may then be exposed in the logs of other VMs, possibly allowing attackers to determine the names of other VMs on the same physical host, allowing them to be targeted with further attacks. In vdsm a race condition was found that could allow malicious code to be executed on the host machine. This issue was found in vdsm that could allow malicious code to be executed on the host machine. In vdsm a code path was found where a malicious user could obtain host OS privileges.
Timeline
Published on: 08/26/2022 18:15:00 UTC
Last modified on: 09/01/2022 14:54:00 UTC
References
- https://access.redhat.com/security/cve/CVE-2022-0207
- https://gerrit.ovirt.org/gitweb?p=vdsm.git;a=commit;h=53b0036fc72d3b8877d4e7f047d705e5a4c722e8
- https://bugzilla.redhat.com/show_bug.cgi?id=2039248
- https://bugzilla.redhat.com/show_bug.cgi?id=2033697
- https://gerrit.ovirt.org/c/vdsm/+/118025
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0207