Published: 4 August 2020
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
This is ZDI-CAN-11561. caused by the switch to systemd socket activation, so bionic and earlier are not affected
Severity score breakdown