Bug 1809740 (CVE-2019-20485) - CVE-2019-20485 libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent
Summary: CVE-2019-20485 libvirt: Potential DoS by holding a monitor job while querying...
Keywords:
Status: NEW
Alias: CVE-2019-20485
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1809743 1809744 1759566 1809741 1809745
Blocks: 1809535
TreeView+ depends on / blocked
 
Reported: 2020-03-03 19:22 UTC by Prasad J Pandit
Modified: 2020-08-05 10:11 UTC (History)
16 users (show)

Fixed In Version: libvirt-6.0.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Prasad J Pandit 2020-03-03 19:22:00 UTC
A flaw was found in the way Libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest. It holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the Libvirt daemon indefinitely resulting in a DoS scenario.

Upstream patch:
---------------
  -> https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc

Comment 1 Prasad J Pandit 2020-03-03 19:22:34 UTC
Created libvirt tracking bugs for this issue:

Affects: fedora-all [bug 1809741]

Comment 3 Prasad J Pandit 2020-03-03 19:33:18 UTC
Acknowledgments:

Name: Eric Blake (Red Hat Inc.)

Comment 4 Prasad J Pandit 2020-03-04 05:49:08 UTC
Statement:

This issue affects the version of the libvirt package as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future libvirt updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue.

Red Hat Enterprise Linux version 5 and 6 are in Maintenance Support 2 Phase of the life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of the Red Hat Enterprise Linux version 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.


Note You need to log in before you can comment on or make changes to this bug.