CVE-2020-25637
Published: 6 October 2020
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Notes
Author | Note |
---|---|
mdeslaur | Read-only clients can't exploit this flaw. Clients connecting to the read-write socket can exploit this to crash libvirt or possibly execute code, but on Ubuntu, access to the read-write socket already grants root-equivalent permissions, so this flaw has limited impact. Setting priority to negligible. |
Priority
CVSS 3 base score: 6.7
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Released
(4.0.0-1ubuntu8.21)
|
focal |
Released
(6.0.0-0ubuntu8.16)
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Not vulnerable
(6.8.0-1)
|
|
impish |
Not vulnerable
(6.8.0-1)
|
|
jammy |
Not vulnerable
(6.8.0-1)
|
|
kinetic |
Not vulnerable
(6.8.0-1)
|
|
precise |
Ignored
(end of ESM support, was needed)
|
|
trusty |
Needed
|
|
upstream |
Released
(6.8.0-1)
|
|
xenial |
Needed
|
|
Patches: upstream: https://github.com/libvirt/libvirt/commit/955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0) upstream: https://github.com/libvirt/libvirt/commit/a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0) |