CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3667 – libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
https://notcve.org/view.php?id=CVE-2021-3667
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Se ha encontrado un problema de bloqueo inapropiado en la API virStoragePoolLookupByTargetPath de libvirt. • https://bugzilla.redhat.com/show_bug.cgi?id=1986094 https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://security.netapp.com/advisory/ntap-20220331-0005 https://access.redhat.com/security/cve/CVE-2021-3667 • CWE-667: Improper Locking •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10701
https://notcve.org/view.php?id=CVE-2020-10701
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1819163 https://security.netapp.com/advisory/ntap-20210708-0001 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2020-14301 – libvirt: leak of sensitive cookie information via dumpxml
https://notcve.org/view.php?id=CVE-2020-14301
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. Se encontró una vulnerabilidad de divulgación de información en libvirt en versiones anteriores a 6.3.0. Las cookies HTTP usadas para acceder a los discos basados ?? • https://bugzilla.redhat.com/show_bug.cgi?id=1848640 https://security.netapp.com/advisory/ntap-20210629-0007 https://access.redhat.com/security/cve/CVE-2020-14301 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25637 – libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
https://notcve.org/view.php?id=CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró que ocurría un problema de doble liberación de la memoria en la API de libvirt, en versiones anteriores a 6.8.0, responsable de pedir información sobre unas interfaces de red de un dominio QEMU en ejecución. • https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html https://bugzilla.redhat.com/show_bug.cgi?id=1881037 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2020-25637 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14339 – libvirt: leak of /dev/mapper/control into QEMU guests
https://notcve.org/view.php?id=CVE-2020-14339
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en libvirt, donde filtró un descriptor de archivo para "/dev/mapper/control" en el proceso QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1860069 https://security.gentoo.org/glsa/202101-22 https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2020-14339 • CWE-772: Missing Release of Resource after Effective Lifetime •