Bug 1819163 (CVE-2020-10701) - CVE-2020-10701 libvirt: guest agent timeout can be set under read-only mode leading to DoS
Summary: CVE-2020-10701 libvirt: guest agent timeout can be set under read-only mode l...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-10701
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1819164
TreeView+ depends on / blocked
 
Reported: 2020-03-31 11:11 UTC by Marian Rehak
Modified: 2021-02-16 20:22 UTC (History)
16 users (show)

Fixed In Version: libvirt 6.2.0
Doc Type: If docs needed, set a value
Doc Text:
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service.
Clone Of:
Environment:
Last Closed: 2020-04-02 16:32:06 UTC


Attachments (Terms of Use)

Description Marian Rehak 2020-03-31 11:11:55 UTC
A bug was reported internally about a bug in libvirt allowing a user on a read-only to change the response timeout for all guest agent messages. Changing this timeout can potentially cause some commands to fail.

Comment 3 Mauro Matteo Cascella 2020-04-02 11:13:20 UTC
Statement:

This flaw did not affect the versions of `libvirt` as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and RHEL Advanced Virtualization, as they did not include the vulnerable code, which was introduced in a later version of the package. Specifically, `libvirt` API to change QEMU agent response timeout was added in `libvirt` upstream version v5.10.0.

Comment 6 Mauro Matteo Cascella 2020-04-03 14:37:08 UTC
Acknowledgments:

Name: Lili Zhu (Red Hat)


Note You need to log in before you can comment on or make changes to this bug.