CVE-2020-25637
Published: 6 October 2020
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Notes
Author | Note |
---|---|
mdeslaur | Read-only clients can't exploit this flaw. Clients connecting to the read-write socket can exploit this to crash libvirt or possibly execute code, but on Ubuntu, access to the read-write socket already grants root-equivalent permissions, so this flaw has limited impact. Setting priority to negligible. |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(6.8.0-1)
|
hirsute |
Not vulnerable
(6.8.0-1)
|
|
trusty |
Needed
|
|
groovy |
Ignored
(end of life)
|
|
upstream |
Released
(6.8.0-1)
|
|
xenial |
Needed
|
|
jammy |
Not vulnerable
(6.8.0-1)
|
|
lunar |
Not vulnerable
(6.8.0-1)
|
|
bionic |
Released
(4.0.0-1ubuntu8.21)
|
|
focal |
Released
(6.0.0-0ubuntu8.16)
|
|
kinetic |
Not vulnerable
(6.8.0-1)
|
|
Patches: upstream: https://github.com/libvirt/libvirt/commit/955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.7 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |