{"id":"CVE-2022-0485","details":"A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.","modified":"2026-04-12T05:16:26.092826Z","published":"2022-08-29T15:15:09.537Z","related":["ALSA-2022:1759","SUSE-SU-2022:2347-1","SUSE-SU-2022:2754-1","openSUSE-SU-2024:11833-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-0485"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2046194"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050324"},{"type":"FIX","url":"https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb"},{"type":"FIX","url":"https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libguestfs/libnbd","events":[{"introduced":"0"},{"fixed":"58e0c284e5ebcff101cd3b1f8fc7232f68202b66"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.11.8"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:redhat:libnbd:*:*:*:*:*:*:*:*"}}],"versions":["v0.1","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v1.0.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.10.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.11.6","v1.11.7","v1.2.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.7.1","v1.7.10","v1.7.11","v1.7.12","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0485.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/nbdkit/libnbd","events":[{"introduced":"0"},{"fixed":"8d444b41d09a700c7ee6f9182a649f3f2d325abb"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v0.1","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v1.0.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.10.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.11.6","v1.11.7","v1.2.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.7.1","v1.7.10","v1.7.11","v1.7.12","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6"],"database_specific":{"vanir_signatures":[{"target":{"function":"free_command","file":"copy/multi-thread-copying.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-09b5d2a6","deprecated":false,"digest":{"function_hash":"140753532197270880249282402125928125200","length":246},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"file_asynch_zero","file":"copy/file-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-1cd1b2d4","deprecated":false,"digest":{"function_hash":"174743253629256537080148798967245715228","length":331},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"finished_read","file":"copy/multi-thread-copying.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-667a8a85","deprecated":false,"digest":{"function_hash":"296522027796039040246861898769837897650","length":1513},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"file_asynch_write","file":"copy/file-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-74a12645","deprecated":false,"digest":{"function_hash":"65940939133033851419285668712397775335","length":303},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"null_asynch_write","file":"copy/null-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-778e2813","deprecated":false,"digest":{"function_hash":"61187966151078355124737797675323953502","length":211},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"file_asynch_read","file":"copy/file-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-8337563d","deprecated":false,"digest":{"function_hash":"65940939133033851419285668712397775335","length":303},"signature_type":"Function","signature_version":"v1"},{"target":{"file":"copy/multi-thread-copying.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-bfb9b9dd","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["245443681764850148070195278450231387179","99447371129016312061907112603345243209","46546684944686530926987258321760356204","301928923822696319653025175800594342473","296847346053776932475829062150126703913","131572299419535312639726735367569959161","27397099661772594302585512618426456249","1412462091485739934124052895724898278","186819742450962135790420196095505673865","27063293043488776432129355591322507053"]},"signature_type":"Line","signature_version":"v1"},{"target":{"file":"copy/file-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-d9f2fe6b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["7221645883676583427374079500462987128","41843444484117998780555563481246890434","11507800956564313871455185068583299565","65347125755755945877845493538453389765","225943733830841169222739559397432080432","17974783946504134748147358398950682551","112567878137827726796969151434252514102","113481492128060038848161315137532015481","94508799648681293795543082899406270221","11507800956564313871455185068583299565","65347125755755945877845493538453389765","225943733830841169222739559397432080432","117594744608198626962493634889281765419","88032169294742916354966643864685963770","321120410725573947380476422206252571464","181054683348875895529563301360291401679","74358511777962735407994333081457612885","65347125755755945877845493538453389765","120527324807618009280075744336953539757","202813863166090165352494322044591414524","215515013894404426382886170142396362245"]},"signature_type":"Line","signature_version":"v1"},{"target":{"file":"copy/null-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-da4ee8c4","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["47515792989108032892124465534087217578","11952043217047517239172753288132336829","230410012512729402974309356509945439641","65347125755755945877845493538453389765","225943733830841169222739559397432080432","117594744608198626962493634889281765419","254034515504305195934222221736803215878","192568139869729283432592935158013218042","11952043217047517239172753288132336829","230410012512729402974309356509945439641","65347125755755945877845493538453389765","120527324807618009280075744336953539757","202813863166090165352494322044591414524","215515013894404426382886170142396362245"]},"signature_type":"Line","signature_version":"v1"},{"target":{"function":"null_asynch_zero","file":"copy/null-ops.c"},"source":"https://gitlab.com/nbdkit/libnbd@8d444b41d09a700c7ee6f9182a649f3f2d325abb","id":"CVE-2022-0485-fb2046de","deprecated":false,"digest":{"function_hash":"300585236970930192472376929530623935977","length":239},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T05:16:26Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0485.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}