CVE-2022-0485

A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name	Vendor	Start Version	End Version
Libnbd	Redhat	*	1.11.8 (excluding)
Enterprise_linux	Redhat	8.0 (including)	8.0 (including)
Advanced Virtualization for RHEL 8.4.0.EUS	RedHat	virt:av-8040020220210233846.522a0ee4	*
Advanced Virtualization for RHEL 8.4.0.EUS	RedHat	virt-devel:av-8040020220210233846.522a0ee4	*
Advanced Virtualization for RHEL 8.5.0.Z	RedHat	virt:av-8050020220210180726.c5368500	*
Advanced Virtualization for RHEL 8.5.0.Z	RedHat	virt-devel:av-8050020220210180726.c5368500	*
Advanced Virtualization for RHEL 8.6.0	RedHat	virt:av-8060020220407154248.d63f516d	*
Advanced Virtualization for RHEL 8.6.0	RedHat	virt-devel:av-8060020220407154248.d63f516d	*
Red Hat Enterprise Linux 8	RedHat	virt-devel:rhel-8060020220408104655.d63f516d	*
Red Hat Enterprise Linux 8	RedHat	virt:rhel-8060020220408104655.d63f516d	*
Libnbd	Ubuntu	focal	*
Libnbd	Ubuntu	impish	*
Libnbd	Ubuntu	kinetic	*
Libnbd	Ubuntu	lunar	*
Libnbd	Ubuntu	mantic	*
Libnbd	Ubuntu	oracular	*
Libnbd	Ubuntu	plucky	*
Libnbd	Ubuntu	trusty	*
Libnbd	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-0485
CWE	https://cwe.mitre.org/data/definitions/252.html

Unchecked Return Value

Weakness

Affected Software

Potential Mitigations

References