Bug 1860069 (CVE-2020-14339)
Summary: | CVE-2020-14339 libvirt: leak of /dev/mapper/control into QEMU guests | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | agedosier, berrange, clalancette, eblake, erik-fedora, itamar, jdenemar, jforbes, jsuchane, knoel, laine, libvirt-maint, marcandre.lureau, pkrempa, rjones, veillard, virt-maint, virt-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libvirt 6.6.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-01 13:17:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1860098, 1860421, 1860874, 1860875, 1881034, 1881035, 1910618 | ||
Bug Blocks: | 1859205 |
Description
Mauro Matteo Cascella
2020-07-23 16:24:34 UTC
Acknowledgments: Name: Daniel Berrange (Red Hat) Statement: This flaw was introduced in `libvirt` version 6.2.0. Red Hat Enterprise Linux 5, 6, 7, and 8 are not affected by this issue as they shipped an older version of the `libvirt` package which did not include the vulnerable code. This issue affects versions of the `libvirt` package as shipped with Red Hat Enterprise Linux Advanced Virtualization 8. Future `libvirt` package updates for Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue. Mitigation: This issue is mitigated on Red Hat Enterprise Linux if SELinux is in enforcing mode, which prevents the `/dev/mapper/control` file descriptor from being accessible by a guest user/process. This issue has been addressed in the following products: Advanced Virtualization for RHEL 8.2.1 Via RHSA-2020:3586 https://access.redhat.com/errata/RHSA-2020:3586 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14339 Created mingw-libvirt tracking bugs for this issue: Affects: fedora-all [bug 1881035] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4676 https://access.redhat.com/errata/RHSA-2020:4676 |