ALT-PU-2021-1965-1

BDU:2020-03920

HIGH7.8

Уязвимость библиотеки управления виртуализацией Libvirt, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю повысить свои привилегии

Published: 2020-08-14

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2020-15708

BDU:2021-03736

MEDIUM6.7

Уязвимость демона для управления виртуализацией Libvirt, связанная с повторным освобождением памяти, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2021-07-20Modified: 2024-09-16

CVSS 3.xMEDIUM 6.7

CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.5

CVSS:2.0/AV:L/AC:L/Au:M/C:C/I:C/A:C

References

CVE-2020-25637

BDU:2021-04130

MEDIUM6.5

Уязвимость демона и набора инструментов для управления виртуализацией libvirt, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-08-18Modified: 2024-09-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

References

CVE-2020-10703

BDU:2021-04592

MEDIUM6.5

Уязвимость библиотеки управления виртуализацией Libvirt, связанная с ошибками авторизации, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-09-20Modified: 2022-10-18

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

References

CVE-2020-10701

BDU:2022-05833

MEDIUM6.5

Уязвимость функции qemuDomainGetStatsIOThread компонента qemu_driver.c библиотеки управления виртуализацией Libvirt, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2022-09-21Modified: 2022-10-20

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2020-12430

CVE-2019-20485

MEDIUM5.7

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Published: 2020-03-19Modified: 2024-11-21

CVSS 2.0LOW 2.7

CVSS:2.0/AV:A/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.7

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2020-10701

MEDIUM6.5

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

Published: 2021-05-27Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2020-10703

MEDIUM6.5

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

Published: 2020-06-02Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2020-12430

MEDIUM6.5

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Published: 2020-04-28Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2020-14339

HIGH8.8

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: 2020-12-03Modified: 2024-11-21

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

CVE-2020-15708

HIGH7.8

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

Published: 2020-11-06Modified: 2024-11-21

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-25637

MEDIUM6.7

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: 2020-10-06Modified: 2024-11-21

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xMEDIUM 6.7

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-3975

MEDIUM6.5

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Published: 2022-08-23Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Package update libvirt in branch c9f2

Closed issues (13)

Уязвимость библиотеки управления виртуализацией Libvirt, связанная с ошибками авторизации, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции qemuDomainGetStatsIOThread компонента qemu_driver.c библиотеки управления виртуализацией Libvirt, позволяющая нарушителю вызвать отказ в обслуживании

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.