Lucene search

K
archlinuxArchLinuxASA-202101-42
HistoryJan 29, 2021 - 12:00 a.m.

[ASA-202101-42] libvirt: arbitrary code execution

2021-01-2900:00:00
security.archlinux.org
103

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.1%

Arch Linux Security Advisory ASA-202101-42

Severity: Critical
Date : 2021-01-29
CVE-ID : CVE-2020-25637
Package : libvirt
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1240

Summary

The package libvirt before version 1:7.0.0-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 1:7.0.0-1.

pacman -Syu β€œlibvirt>=1:7.0.0-1”

The problem has been fixed upstream in version 7.0.0.

Workaround

None.

Description

A double free memory issue was found to occur in the libvirt API
responsible for requesting information about network interfaces of a
running QEMU domain. This flaw affects the polkit access control
driver. Specifically, clients connecting to the read-write socket with
limited ACL permissions could use this flaw to crash the libvirt
daemon, resulting in a denial of service, or potentially escalate their
privileges on the system.

Impact

A malicious user could query the API in a way that could result in a
code execution flaw.

References

https://www.openwall.com/lists/oss-security/2020/10/02/1
https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401
https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923
https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad
https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05
https://security.archlinux.org/CVE-2020-25637

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylibvirt<Β 1:7.0.0-1UNKNOWN

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.1%