CVE-2020-25637
Published: 6 October 2020
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Priority
CVSS 3 base score: 6.7
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Released
(4.0.0-1ubuntu8.21)
|
focal |
Released
(6.0.0-0ubuntu8.16)
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Not vulnerable
(6.8.0-1)
|
|
impish |
Not vulnerable
(6.8.0-1)
|
|
jammy |
Not vulnerable
(6.8.0-1)
|
|
precise |
Ignored
(end of ESM support, was needed)
|
|
trusty |
Needed
|
|
upstream |
Released
(6.8.0-1)
|
|
xenial |
Needed
|
Notes
Author | Note |
---|---|
mdeslaur | Read-only clients can't exploit this flaw. Clients connecting to the read-write socket can exploit this to crash libvirt or possibly execute code, but on Ubuntu, access to the read-write socket already grants root-equivalent permissions, so this flaw has limited impact. Setting priority to negligible. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25637
- https://ubuntu.com/security/notices/USN-5399-1
- NVD
- Launchpad
- Debian