PT-2020-13976 · Red Hat+5 · Libvirt+6

Mauro Matteo Cascella · Published 2020-08-11 · Updated 2024-06-15 · CVE-2020-14339

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libvirt (affected versions not specified)

Description

A flaw was found in libvirt: it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows privileged operations against the device-mapper on the host. The flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Release of Resource after Effective Lifetime

Related Identifiers

ALSA-2020:4676
ALT-PU-2020-2517
ALT-PU-2020-2740
ALT-PU-2021-1881
ALT-PU-2021-1965
CESA-2020_4676
CVE-2020-14339
OESA-2021-1010
OPENSUSE-SU-2020:1455-1
OPENSUSE-SU-2020_1455-1
OPENSUSE-SU-2024:11008-1
RHSA-2020:3586
RHSA-2020:4676
RHSA-2020_4676
RLSA-2020:4676
SUSE-SU-2020:2233-1
SUSE-SU-2020:2237-1
SUSE-SU-2020:2269-1
SUSE-SU-2020_2233-1
SUSE-SU-2020_2237-1
SUSE-SU-2020_2269-1

Affected Products

Alt Linux
AlmaLinux
CentOS
Red Hat
Rocky Linux
SUSE
Libvirt