
Debian LTS DLA-3778-1 Severe: Libvirt Denial Of Service Flaws

April 1, 2024
A series of flaws in libvirt have been identified, which may result in service interruption or potential data leaks; users are advised to apply updates.
Multiple vulnerabilities were found in libvirt, a C toolkit to interact with the virtualization capabilities of Linux, which could lead to denial of service or information disclosu...

Summary

CVE-2020-10703

A NULL pointer dereference was found in the libvirt API that is responsible for
fetching a storage pool based on its target path. In more detail, this flaw affects
storage pools created without a target path such as network-based pools like gluster
and RBD. Unprivileged users with a read-only connection could abuse this flaw to
crash the libvirt daemon, resulting in a potential denial of service.
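
The NULL-dereference pattern described above, as an added example that is not libvirt's code or part of the advisory. It is a simplified C model: `struct pool`, `lookup_unsafe`, `lookup_safe` and the sample pools are hypothetical names, and the unchecked lookup is shown beside a hardened form.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not libvirt's data structures: a pool whose
 * target_path is NULL stands for a network-backed pool (gluster, RBD). */
struct pool {
    const char *name;
    const char *target_path;   /* NULL when the pool has no target path */
};

/* Unchecked form: strcmp() dereferences both arguments, so the first
 * pool with target_path == NULL crashes the calling process. */
const struct pool *lookup_unsafe(const struct pool *pools, size_t n,
                                 const char *path)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pools[i].target_path, path) == 0)
            return &pools[i];
    return NULL;
}

/* Hardened form: reject a NULL query and skip pools without a target path. */
const struct pool *lookup_safe(const struct pool *pools, size_t n,
                               const char *path)
{
    if (path == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (pools[i].target_path == NULL)
            continue;
        if (strcmp(pools[i].target_path, path) == 0)
            return &pools[i];
    }
    return NULL;
}

/* Constructed sample data: a network pool listed before a directory pool. */
static const struct pool sample_pools[] = {
    { "rbd-pool", NULL },
    { "default",  "/var/lib/libvirt/images" },
};

int main(void)
{
    const struct pool *p =
        lookup_safe(sample_pools, 2, "/var/lib/libvirt/images");
    return (p == &sample_pools[1]) ? 0 : 1;
}
```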

CVE-2020-12430

A memory leak was found in the virDomainListGetStats libvirt API that is responsible
for retrieving domain statistics when managing QEMU guests. This flaw allows
unprivileged users with a read-only connection to cause a memory leak in the domstats
command, resulting in a potential denial of service.

CVE-2020-25637

A double free memory issue was found in the libvirt API that is responsible for
requesting information about network interfaces of a running QEMU domain. This flaw

Read the Full Advisory


Severity: critical

Package: libvirt
Version: 5.0.0-4+deb10u2
CVE ID: CVE-2020-10703 CVE-2020-12430 CVE-2020-25637 CVE-2021-3631
Debian Bug: 959447 971555 990709 991594 1002535 1009075 1066058 1067461
