22 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-14339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2020:4676)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4676 advisory. libvirt: leak of /dev/mapper/control into QEMU guests CVE-2020-14339 QEMU: Slirp: use-after-free during packet reassembly CVE-2019-15890 libvirt: Potentia...
SUSE: Security Advisory (SUSE-SU-2020:2233-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.9.1 : libvirt (EulerOS-SA-2021-1631)
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting informati...
CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2020:4676)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4676 advisory. - QEMU: Slirp: use-after-free during packet reassembly CVE-2019-15890 - libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent...
GLSA-202101-22 : libvirt: Unintended access to /dev/mapper/control
The remote host is affected by the vulnerability described in GLSA-202101-22 libvirt: Unintended access to /dev/mapper/control A file descriptor for /dev/mapper/control was insufficiently protected. Impact : A local attacker may be able to escalate to root privileges. Workaround : There is no kno...
CVE-2020-14339
CVE-2020-14339 describes a flaw in libvirt where a file descriptor for /dev/mapper/control is leaked into the QEMU process. This enables privileged operations against the host device-mapper, allowing a malicious guest user or process to perform actions outside normal permissions and potentially d...
Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2020:4676)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4676 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
RLSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...
ALSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
openSUSE: Security Advisory for libvirt (openSUSE-SU-2020:1455-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1455-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc1161883, bsc1174458 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Important: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security and bug fix update
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2020:3586)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3586 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:2269-1)
This update for libvirt fixes the following issues : CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc1161883, bsc1174458 Note that Tenable Network Security has extracted the preceding description block...
SUSE-SU-2020:2269-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. bsc1161883, bsc1174458...
SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:2237-1)
This update for libvirt fixes the following issues : CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 libxl:...
SUSE-SU-2020:2237-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctl's to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 - libxl:...