Vulnerability-Lookup

CVE-2022-0485 (GCVE-0-2022-0485)

Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:32

Summary

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

Severity

No CVSS data available.

CWE

CWE-252 - - Unchecked Return Value.

Assigner

redhat

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2046194	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2050324	x_refsource_MISC
https://listman.redhat.com/archives/libguestfs/20…	x_refsource_MISC
https://gitlab.com/nbdkit/libnbd/-/commit/8d444b4…	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-0485	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	libnbd	Affected: Fixed in libnbd v1.11.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:45.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046194"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050324"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-0485"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libnbd",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in libnbd v1.11.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252 - Unchecked Return Value.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T14:03:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046194"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050324"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-0485"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libnbd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in libnbd v1.11.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-252 - Unchecked Return Value."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2046194",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046194"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2050324",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050324"
            },
            {
              "name": "https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html",
              "refsource": "MISC",
              "url": "https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html"
            },
            {
              "name": "https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb",
              "refsource": "MISC",
              "url": "https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2022-0485",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/CVE-2022-0485"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0485",
    "datePublished": "2022-08-29T14:03:04.000Z",
    "dateReserved": "2022-02-03T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:45.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-0485",
      "date": "2026-05-28",
      "epss": "0.00091",
      "percentile": "0.25673"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0485\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-29T15:15:09.537\",\"lastModified\":\"2024-11-21T06:38:45.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en la herramienta de copia \\\"nbdcopy\\\" de libnbd. Cuando eran llevado a cabo copias multihilo usando llamadas as\u00edncronas a nbd, nbdcopy trataba ciegamente la finalizaci\u00f3n de un comando as\u00edncrono como exitosa, en lugar de comprobar el par\u00e1metro *error. Esto pod\u00eda resultar en la creaci\u00f3n silenciosa de una imagen de destino corrupta\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.8\",\"matchCriteriaId\":\"0DDC802B-4ACA-4DEF-BAE0-B6698249BE81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*\",\"matchCriteriaId\":\"3AA08768-75AF-4791-B229-AE938C780959\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0485\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2046194\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2050324\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2046194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2050324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

SUSE-SU-2022:2754-1

Vulnerability from csaf_suse - Published: 2022-08-10 11:36 - Updated: 2022-08-10 11:36

Summary

Security update for libnbd

Severity

Moderate

Notes

Title of the patch: Security update for libnbd

Description of the patch: This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636).

Patchnames: SUSE-2022-2754,openSUSE-SLE-15.3-2022-2754,openSUSE-SLE-15.4-2022-2754

CVE-2022-0485

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 34 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1195636	self
https://www.suse.com/security/cve/CVE-2022-0485/	self
https://www.suse.com/security/cve/CVE-2022-0485	external
https://bugzilla.suse.com/1195636	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libnbd",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libnbd fixes the following issues:\n\n- CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-2754,openSUSE-SLE-15.3-2022-2754,openSUSE-SLE-15.4-2022-2754",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2754-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:2754-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222754-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:2754-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011883.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195636",
        "url": "https://bugzilla.suse.com/1195636"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0485 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0485/"
      }
    ],
    "title": "Security update for libnbd",
    "tracking": {
      "current_release_date": "2022-08-10T11:36:59Z",
      "generator": {
        "date": "2022-08-10T11:36:59Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:2754-1",
      "initial_release_date": "2022-08-10T11:36:59Z",
      "revision_history": [
        {
          "date": "2022-08-10T11:36:59Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-1.12.4-150300.8.12.1.aarch64",
                "product": {
                  "name": "libnbd-1.12.4-150300.8.12.1.aarch64",
                  "product_id": "libnbd-1.12.4-150300.8.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd-devel-1.12.4-150300.8.12.1.aarch64",
                "product": {
                  "name": "libnbd-devel-1.12.4-150300.8.12.1.aarch64",
                  "product_id": "libnbd-devel-1.12.4-150300.8.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd0-1.12.4-150300.8.12.1.aarch64",
                "product": {
                  "name": "libnbd0-1.12.4-150300.8.12.1.aarch64",
                  "product_id": "libnbd0-1.12.4-150300.8.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nbdfuse-1.12.4-150300.8.12.1.aarch64",
                "product": {
                  "name": "nbdfuse-1.12.4-150300.8.12.1.aarch64",
                  "product_id": "nbdfuse-1.12.4-150300.8.12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-libnbd-1.12.4-150300.8.12.1.aarch64",
                "product": {
                  "name": "python3-libnbd-1.12.4-150300.8.12.1.aarch64",
                  "product_id": "python3-libnbd-1.12.4-150300.8.12.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-1.12.4-150300.8.12.1.i586",
                "product": {
                  "name": "libnbd-1.12.4-150300.8.12.1.i586",
                  "product_id": "libnbd-1.12.4-150300.8.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd-devel-1.12.4-150300.8.12.1.i586",
                "product": {
                  "name": "libnbd-devel-1.12.4-150300.8.12.1.i586",
                  "product_id": "libnbd-devel-1.12.4-150300.8.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd0-1.12.4-150300.8.12.1.i586",
                "product": {
                  "name": "libnbd0-1.12.4-150300.8.12.1.i586",
                  "product_id": "libnbd0-1.12.4-150300.8.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "nbdfuse-1.12.4-150300.8.12.1.i586",
                "product": {
                  "name": "nbdfuse-1.12.4-150300.8.12.1.i586",
                  "product_id": "nbdfuse-1.12.4-150300.8.12.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-libnbd-1.12.4-150300.8.12.1.i586",
                "product": {
                  "name": "python3-libnbd-1.12.4-150300.8.12.1.i586",
                  "product_id": "python3-libnbd-1.12.4-150300.8.12.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
                "product": {
                  "name": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
                  "product_id": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-1.12.4-150300.8.12.1.ppc64le",
                "product": {
                  "name": "libnbd-1.12.4-150300.8.12.1.ppc64le",
                  "product_id": "libnbd-1.12.4-150300.8.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
                "product": {
                  "name": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
                  "product_id": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd0-1.12.4-150300.8.12.1.ppc64le",
                "product": {
                  "name": "libnbd0-1.12.4-150300.8.12.1.ppc64le",
                  "product_id": "libnbd0-1.12.4-150300.8.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nbdfuse-1.12.4-150300.8.12.1.ppc64le",
                "product": {
                  "name": "nbdfuse-1.12.4-150300.8.12.1.ppc64le",
                  "product_id": "nbdfuse-1.12.4-150300.8.12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-libnbd-1.12.4-150300.8.12.1.ppc64le",
                "product": {
                  "name": "python3-libnbd-1.12.4-150300.8.12.1.ppc64le",
                  "product_id": "python3-libnbd-1.12.4-150300.8.12.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-1.12.4-150300.8.12.1.s390x",
                "product": {
                  "name": "libnbd-1.12.4-150300.8.12.1.s390x",
                  "product_id": "libnbd-1.12.4-150300.8.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd-devel-1.12.4-150300.8.12.1.s390x",
                "product": {
                  "name": "libnbd-devel-1.12.4-150300.8.12.1.s390x",
                  "product_id": "libnbd-devel-1.12.4-150300.8.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd0-1.12.4-150300.8.12.1.s390x",
                "product": {
                  "name": "libnbd0-1.12.4-150300.8.12.1.s390x",
                  "product_id": "libnbd0-1.12.4-150300.8.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nbdfuse-1.12.4-150300.8.12.1.s390x",
                "product": {
                  "name": "nbdfuse-1.12.4-150300.8.12.1.s390x",
                  "product_id": "nbdfuse-1.12.4-150300.8.12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-libnbd-1.12.4-150300.8.12.1.s390x",
                "product": {
                  "name": "python3-libnbd-1.12.4-150300.8.12.1.s390x",
                  "product_id": "python3-libnbd-1.12.4-150300.8.12.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnbd-1.12.4-150300.8.12.1.x86_64",
                "product": {
                  "name": "libnbd-1.12.4-150300.8.12.1.x86_64",
                  "product_id": "libnbd-1.12.4-150300.8.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd-devel-1.12.4-150300.8.12.1.x86_64",
                "product": {
                  "name": "libnbd-devel-1.12.4-150300.8.12.1.x86_64",
                  "product_id": "libnbd-devel-1.12.4-150300.8.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libnbd0-1.12.4-150300.8.12.1.x86_64",
                "product": {
                  "name": "libnbd0-1.12.4-150300.8.12.1.x86_64",
                  "product_id": "libnbd0-1.12.4-150300.8.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nbdfuse-1.12.4-150300.8.12.1.x86_64",
                "product": {
                  "name": "nbdfuse-1.12.4-150300.8.12.1.x86_64",
                  "product_id": "nbdfuse-1.12.4-150300.8.12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-libnbd-1.12.4-150300.8.12.1.x86_64",
                "product": {
                  "name": "python3-libnbd-1.12.4-150300.8.12.1.x86_64",
                  "product_id": "python3-libnbd-1.12.4-150300.8.12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch"
        },
        "product_reference": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch"
        },
        "product_reference": "libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd-devel-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd-devel-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnbd0-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "libnbd0-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.aarch64"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.ppc64le"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.s390x"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nbdfuse-1.12.4-150300.8.12.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.x86_64"
        },
        "product_reference": "nbdfuse-1.12.4-150300.8.12.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0485",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0485"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.3:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
          "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.4:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
          "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.x86_64",
          "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.aarch64",
          "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
          "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.s390x",
          "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0485",
          "url": "https://www.suse.com/security/cve/CVE-2022-0485"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195636 for CVE-2022-0485",
          "url": "https://bugzilla.suse.com/1195636"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:libnbd0-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.3:nbdfuse-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd-bash-completion-1.12.4-150300.8.12.1.noarch",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd-devel-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:libnbd0-1.12.4-150300.8.12.1.x86_64",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.aarch64",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.ppc64le",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.s390x",
            "openSUSE Leap 15.4:nbdfuse-1.12.4-150300.8.12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-08-10T11:36:59Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-0485"
    }
  ]
}

WID-SEC-W-2022-1004

Vulnerability from csaf_certbund - Published: 2022-03-16 23:00 - Updated: 2024-09-02 22:00

Summary

Red Hat Virtualization: Schwachstelle ermöglicht Manipulation von Dateien

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Virtualization ist eine Virtualisierungslösung von Red Hat, die die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System ermöglicht.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2022-0485

Es existiert eine Schwachstelle in Red Hat Virtualization. Die Schwachstelle tritt in der Komponente libnbd auf und ist auf ein unzureichendes Abfangen von Fehlern zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, Dateien zu manipulieren.

Affected products

Known affected 4 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Virtualization virt:av Red Hat / Virtualization	`cpe:/a:redhat:virtualization:virtav`	virt:av
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2022:0949	external
https://access.redhat.com/errata/RHSA-2022:0971	external
https://access.redhat.com/errata/RHSA-2022:1759	external
https://access.redhat.com/errata/RHSA-2022:2181	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://inthewild.io/vuln/CVE-2022-0485	external
https://linux.oracle.com/errata/ELSA-2023-6980.html	external
https://linux.oracle.com/errata/ELSA-2024-12605.html	external
https://linux.oracle.com/errata/ELSA-2024-12604.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Virtualization ist eine Virtualisierungsl\u00f6sung von Red Hat, die die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1004 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1004.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1004 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1004"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0949 vom 2022-03-16",
        "url": "https://access.redhat.com/errata/RHSA-2022:0949"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0971 vom 2022-03-21",
        "url": "https://access.redhat.com/errata/RHSA-2022:0971"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:1759 vom 2022-05-10",
        "url": "https://access.redhat.com/errata/RHSA-2022:1759"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:2181 vom 2022-05-11",
        "url": "https://access.redhat.com/errata/RHSA-2022:2181"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2754-1 vom 2022-08-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011883.html"
      },
      {
        "category": "external",
        "summary": "PoC auf inTheWild.io vom 2022-09-01",
        "url": "https://inthewild.io/vuln/CVE-2022-0485"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-6980 vom 2023-11-21",
        "url": "https://linux.oracle.com/errata/ELSA-2023-6980.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Virtualization: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
    "tracking": {
      "current_release_date": "2024-09-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-03T08:15:29.275+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2022-1004",
      "initial_release_date": "2022-03-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-03-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-03-20T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-05-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-05-11T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-09-01T22:00:00.000+00:00",
          "number": "6",
          "summary": "Exploit aufgenommen"
        },
        {
          "date": "2023-11-21T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-09-02T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virt:av",
                "product": {
                  "name": "Red Hat Virtualization virt:av",
                  "product_id": "T022354",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:virtualization:virtav"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Virtualization"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0485",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Red Hat Virtualization. Die Schwachstelle tritt in der Komponente libnbd auf und ist auf ein unzureichendes Abfangen von Fehlern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T022354",
          "T004914"
        ]
      },
      "release_date": "2022-03-16T23:00:00.000+00:00",
      "title": "CVE-2022-0485"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0485 (GCVE-0-2022-0485)

SUSE-SU-2022:2754-1

WID-SEC-W-2022-1004

Tags

Sightings

Nomenclature