CVE-2021-3667 – libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
https://notcve.org/view.php?id=CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Se ha encontrado un problema de bloqueo inapropiado en la API virStoragePoolLookupByTargetPath de libvirt. • https://bugzilla.redhat.com/show_bug.cgi?id=1986094 https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://security.netapp.com/advisory/ntap-20220331-0005 https://access.redhat.com/security/cve/CVE-2021-3667 • CWE-667: Improper Locking •
CVE-2020-10701
https://notcve.org/view.php?id=CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1819163 https://security.netapp.com/advisory/ntap-20210708-0001 • CWE-862: Missing Authorization •
CVE-2020-25637 – libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
https://notcve.org/view.php?id=CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró que ocurría un problema de doble liberación de la memoria en la API de libvirt, en versiones anteriores a 6.8.0, responsable de pedir información sobre unas interfaces de red de un dominio QEMU en ejecución. • https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html https://bugzilla.redhat.com/show_bug.cgi?id=1881037 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2020-25637 • CWE-415: Double Free •
CVE-2020-10703 – libvirt: Potential denial of service via active pool without target path
https://notcve.org/view.php?id=CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. Se detectó una desreferencia del puntero NULL en la API libvirt responsable que la introdujo en la versión anterior a 3.10.0, y corregida en libvirt versión 6.0.0, para extraer un grupo de almacenamiento basado en su ruta de destino. En más detalle, este fallo afecta a los grupos de almacenamiento creados sin una ruta de destino, tales como los grupos basados en red tales como Gluster y RBD. • https://bugzilla.redhat.com/show_bug.cgi?id=1790725 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10703 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5d5c732d748d644ec14626bce448e84bdc4bd93e https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 https://libvirt.org/git/? • CWE-476: NULL Pointer Dereference •
CVE-2020-12430
https://notcve.org/view.php?id=CVE-2020-12430
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. Se descubrió un problema en la función qemuDomainGetStatsIOThread en el archivo qemu/qemu_driver.c en libvirt versiones 4.10.0 hasta 6.x anteriores a 6.1.0. Se encontró una pérdida de memoria en la API libDirt de virDomainListGetStats que es responsable de recuperar las estadísticas del dominio al administrar invitados de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1804548 https://bugzilla.redhat.com/show_bug.cgi?id=1828190 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2 https://security.netapp.com/advisory/ntap-20200518-0003 https://usn.ubuntu.com/4371-1 • CWE-401: Missing Release of Memory after Effective Lifetime •