6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.2%
Severity: Critical
Date : 2021-01-29
CVE-ID : CVE-2020-25637
Package : libvirt
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1240
The package libvirt before version 1:7.0.0-1 is vulnerable to arbitrary
code execution.
Upgrade to 1:7.0.0-1.
The problem has been fixed upstream in version 7.0.0.
None.
A double free memory issue was found to occur in the libvirt API
responsible for requesting information about network interfaces of a
running QEMU domain. This flaw affects the polkit access control
driver. Specifically, clients connecting to the read-write socket with
limited ACL permissions could use this flaw to crash the libvirt
daemon, resulting in a denial of service, or potentially escalate their
privileges on the system.
A malicious user could query the API in a way that could result in a
code execution flaw.
https://www.openwall.com/lists/oss-security/2020/10/02/1
https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401
https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923
https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad
https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05
https://security.archlinux.org/CVE-2020-25637
libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923
libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401
libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05
libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad
security.archlinux.org/AVG-1240
security.archlinux.org/CVE-2020-25637
www.openwall.com/lists/oss-security/2020/10/02/1
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
13.2%