
Cloud Vulnerability DB
A community-led vulnerabilities database
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt, tracked as CVE-2021-3667. It affects libvirt versions up to and including 7.5.0. The flaw is in the storagePoolLookupByTargetPath function, which does not release a locked virStoragePoolObj object when the ACL permission check fails (NVD).
The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and is classified as CWE-667 (Improper Locking) (NVD, Ubuntu).
The vulnerability primarily affects system availability. Clients connecting to the read-write socket with limited ACL permissions can exploit this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition (NVD).
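The lock-handling pattern described above, as an added C sketch that is not libvirt's code: every type and function name is hypothetical, and a C11 `atomic_flag` try-lock stands in for the object mutex so the stuck lock shows up as a failed lookup instead of a hang.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a lockable storage pool object. */
struct pool_obj { atomic_flag lock; const char *name; };

/* Try-lock model: returns false if the lock is already held. */
static bool pool_trylock(struct pool_obj *p) { return !atomic_flag_test_and_set(&p->lock); }
static void pool_unlock(struct pool_obj *p) { atomic_flag_clear(&p->lock); }
/* Hypothetical ACL check: 0 = allowed, -1 = denied. */
static int ensure_acl(bool allowed) { return allowed ? 0 : -1; }

/* Flawed shape: the ACL-denied path returns with the object still locked. */
static const char *lookup_leaky(struct pool_obj *p, bool allowed)
{
    if (!pool_trylock(p))
        return NULL;                /* a blocking mutex would wait here forever */
    if (ensure_acl(allowed) < 0)
        return NULL;                /* BUG: lock is never released */
    const char *name = p->name;
    pool_unlock(p);
    return name;
}

/* Corrected shape: every path after locking leaves through one unlock. */
static const char *lookup_fixed(struct pool_obj *p, bool allowed)
{
    const char *name = NULL;
    if (!pool_trylock(p))
        return NULL;
    if (ensure_acl(allowed) < 0)
        goto cleanup;
    name = p->name;
cleanup:
    pool_unlock(p);
    return name;
}

/* 1 if a permitted caller can still look the pool up after a denied one. */
static int survives_denied_lookup(const char *(*lookup)(struct pool_obj *, bool))
{
    struct pool_obj p = { ATOMIC_FLAG_INIT, "default" };  /* constructed sample */
    lookup(&p, false);
    return lookup(&p, true) != NULL;
}

int main(void)
{
    printf("leaky: %d\n", survives_denied_lookup(lookup_leaky));
    printf("fixed: %d\n", survives_denied_lookup(lookup_fixed));
    return 0;
}
```

When reviewing similar code, check that each early return between a lock acquisition and its release goes through the unlock path.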
The vulnerability has been fixed in various distributions. Ubuntu has released fixes in version 7.6.0-0ubuntu3 for 22.04 LTS and version 6.0.0-0ubuntu8.16 for 20.04 LTS. The upstream fix is available in the libvirt repository as commit 447f69d (Ubuntu).
Source: This report was generated using AI