CVE-2022-0485 Information

Description

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls nbdcopy was blindly treating the completion of an asynchronous command as successful rather than checking the error parameter. This could result in the silent creation of a corrupted destination image.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2050324 https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html https://access.redhat.com/security/cve/CVE-2022-0485 https://bugzilla.redhat.com/show_bug.cgi?id=2046194 https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb