A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1881037 | Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html | |
https://security.gentoo.org/glsa/202210-06 | Third Party Advisory |
Configurations
History
01 Apr 2024, 13:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-06 - Third Party Advisory |
16 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:* |
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
References |
|
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html - Mailing List, Third Party Advisory |
Information
Published : 2020-10-06 14:15
Updated : 2024-04-01 13:16
NVD link : CVE-2020-25637
Mitre link : CVE-2020-25637
CVE.ORG link : CVE-2020-25637
JSON object : View
Products Affected
redhat
- libvirt
opensuse
- leap
CWE
CWE-415
Double Free