PT-2020-3586 · Canonical+3 · Libvirt+4

Trent Shea

Published

2020-08-04

Updated

2024-06-15

CVE-2020-15708

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libvirt versions 20.04 LTS

Description The issue is related to incorrect permissions for a critical resource in the libvirt virtualization management library. An attacker could exploit this to overwrite arbitrary files or execute arbitrary code, potentially leading to privilege escalation.

Recommendations For libvirt version 20.04 LTS, consider restricting access to the control socket to prevent unauthorized modifications until a patch is available. As a temporary workaround, review and adjust the permissions of the control socket to prevent world read and write access.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALT-PU-2020-3005

ALT-PU-2021-1965

BDU:2020-03920

CVE-2020-15708

OPENSUSE-SU-2020:1777-1

OPENSUSE-SU-2020:1778-1

OPENSUSE-SU-2020_1777-1

OPENSUSE-SU-2020_1778-1

OPENSUSE-SU-2024:11008-1

SUSE-SU-2020:2969-1

SUSE-SU-2020:2970-1

SUSE-SU-2020:3037-1

SUSE-SU-2020:3038-1

SUSE-SU-2020:3039-1

SUSE-SU-2020:3095-1

SUSE-SU-2020:3143-1

SUSE-SU-2020_2969-1

SUSE-SU-2020_2970-1

SUSE-SU-2020_3037-1

SUSE-SU-2020_3038-1

SUSE-SU-2020_3039-1

SUSE-SU-2020_3095-1

SUSE-SU-2020_3143-1

USN-4452-1

ZDI-20-981

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Libvirt

PT-2020-3586 · Canonical+3 · Libvirt+4

CVE-2020-15708

Weakness Enumeration

Related Identifiers

Affected Products

References · 62