Gentoo update for libvirt
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-14339 CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2022-0897 |
| CWE-ID | CWE-200 CWE-415 CWE-732 CWE-667 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system dev-python/libvirt-python Operating systems & Components / Operating system package or component app-emulation/libvirt Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU46198
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14339
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to libvirt leaks a file descriptor for /dev/mapper/control. A remote user on guest operating system can obtain leaked descriptor address and escalate privileges on the system.
Update the affected packages.
app-emulation/libvirt to version: 8.2.0
dev-python/libvirt-python to version: 8.2.0
Gentoo Linux: All versions
dev-python/libvirt-python: before 8.2.0
app-emulation/libvirt: before 8.2.0
External linkshttp://security.gentoo.org/glsa/202210-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Double Free
EUVDB-ID: #VU48591
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-25637
CWE-ID:
CWE-415 - Double Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the libvirt API, responsible for requesting information about network interfaces of a running QEMU domain. A local client connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system.
MitigationUpdate the affected packages.
app-emulation/libvirt to version: 8.2.0
dev-python/libvirt-python to version: 8.2.0
Gentoo Linux: All versions
dev-python/libvirt-python: before 8.2.0
app-emulation/libvirt: before 8.2.0
External linkshttp://security.gentoo.org/glsa/202210-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Incorrect permission assignment for critical resource
EUVDB-ID: #VU62735
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3631
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error in the way SELinux MCS category pairs for VMs' dynamic labels in security/security_selinux.c. An attacker with access to the guest OS can access files labeled for another guest.
MitigationUpdate the affected packages.
app-emulation/libvirt to version: 8.2.0
dev-python/libvirt-python to version: 8.2.0
Gentoo Linux: All versions
dev-python/libvirt-python: before 8.2.0
app-emulation/libvirt: before 8.2.0
External linkshttp://security.gentoo.org/glsa/202210-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU62734
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3667
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error in the virStoragePoolLookupByTargetPath API in libvirt in storage/storage_driver.c. The storagePoolLookupByTargetPath() function does not properly release a locked object (virStoragePoolObj) on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions can use this vulnerability to acquire the lock and prevent other users from accessing storage pool/volume APIs. As a result a local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected packages.
app-emulation/libvirt to version: 8.2.0
dev-python/libvirt-python to version: 8.2.0
Gentoo Linux: All versions
dev-python/libvirt-python: before 8.2.0
app-emulation/libvirt: before 8.2.0
External linkshttp://security.gentoo.org/glsa/202210-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU62739
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0897
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error within the nwfilterConnectNumOfNWFilters() function in nwfilter/nwfilter_driver.c in libvirt. An local user can abuse the libvirt API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
MitigationUpdate the affected packages.
app-emulation/libvirt to version: 8.2.0
dev-python/libvirt-python to version: 8.2.0
Gentoo Linux: All versions
dev-python/libvirt-python: before 8.2.0
app-emulation/libvirt: before 8.2.0
External linkshttp://security.gentoo.org/glsa/202210-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
