PT-2020-6312 · Libvirt+8

Pedro Sampaio · Published 2020-01-25 · Updated 2024-04-01 · CVE-2020-10703

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libvirt versions 3.10.0 through 5.x

Description

A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

Recommendations

For libvirt versions 3.10.0 through 5.x, update to libvirt 6.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the libvirt daemon to prevent unprivileged users from exploiting the flaw.
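
The flaw class described above, as an added example (a simplified C model, not libvirt's source code): a lookup by target path that dereferences every pool's path, beside a version that skips pools without one. The struct, the function names and the sample pools are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a storage pool definition (not libvirt's struct). */
struct pool {
    const char *name;
    const char *target_path;   /* NULL for network pools such as gluster or RBD */
};

/* Constructed sample data: one directory pool and two network pools. */
static const struct pool pools[] = {
    { "rbd-images",  NULL },
    { "default",     "/var/lib/libvirt/images" },
    { "gluster-vol", NULL },
};
static const size_t npools = sizeof(pools) / sizeof(pools[0]);

/* Flawed pattern: strcmp() reads target_path even when it is NULL, so the
 * first pool without a target path crashes the process during the scan. */
const struct pool *lookup_unchecked(const struct pool *list, size_t n, const char *path)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i].target_path, path) == 0)
            return &list[i];
    return NULL;
}

/* Hardened pattern: reject a NULL query and skip pools with no target path. */
const struct pool *lookup_checked(const struct pool *list, size_t n, const char *path)
{
    if (path == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (list[i].target_path == NULL)
            continue;               /* network pool: nothing to compare */
        if (strcmp(list[i].target_path, path) == 0)
            return &list[i];
    }
    return NULL;
}

int main(void)
{
    /* Only the checked lookup is exercised; the unchecked one would crash here. */
    const struct pool *p = lookup_checked(pools, npools, "/var/lib/libvirt/images");
    return (p != NULL && strcmp(p->name, "default") == 0) ? 0 : 1;
}
```
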

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2020:4676
ALT-PU-2020-1097
ALT-PU-2021-1690
ALT-PU-2021-1965
BDU:2021-04130
CESA-2020_4000
CESA-2020_4676
CVE-2020-10703
DLA-3778-1
MGASA-2020-0250
RHSA-2020:4000
RHSA-2020:4676
RHSA-2020_4000
RHSA-2020_4676
RLSA-2020:4676
SUSE-SU-2020:1208-1
SUSE-SU-2020:1250-1
SUSE-SU-2020:1277-1
SUSE-SU-2020:1289-1
SUSE-SU-2020_1208-1
SUSE-SU-2020_1250-1
SUSE-SU-2020_1277-1
SUSE-SU-2020_1289-1
USN-4371-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Rocky Linux
SUSE
Ubuntu
Libvirt