Libvirt Security Notice: LSN-2020-0001

Denial of Service via storage pools without target paths

Lifecycle

Reported on: 20200114
Published on: 20200114
Fixed on: 20191222

Credits

Reported by: Yi Li
Han Han
Patched by: Yi Li

See also

Description

The implementation of the virStoragePoolLookupByTargetPath API crashed on network-based storage pools with missing target paths.

Impact

A read-only client can cause a denial of service attack against a privileged client by crashing libvirtd if such a pool is known to libvirtd.

Workaround

The crash only happens on hosts with network-based storage pools without a target path. Denying access to the read-only libvirt socket will avoid the potential for a denial of service attack, but will not prevent the out-of-bounds access from causing a crash for a privileged client, although such a crash is no longer a security problem.
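To check whether a host meets both conditions, the audit sketch below combines the release range listed in this notice with a scan of pool definitions for a missing target path. It is an added example, not libvirt code; the function names are hypothetical, the pool XML is assumed to come from `virsh pool-dumpxml`, the sample pools are constructed, and only upstream release tags are handled (distribution backports are not considered).

```python
import xml.etree.ElementTree as ET

# Release range taken from the notice: broken in v4.1.0 .. v5.10.0, fixed in v6.0.0.
FIRST_BROKEN = (4, 1, 0)
FIRST_FIXED = (6, 0, 0)


def parse_version(text):
    """Turn an upstream tag such as 'v5.10.0' or '5.10.0' into (5, 10, 0)."""
    parts = text.strip().lstrip("v").split(".")
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def version_affected(text):
    """True if the release falls in the range the notice lists as broken."""
    return FIRST_BROKEN <= parse_version(text) < FIRST_FIXED


def pools_without_target_path(pool_xml_docs):
    """Return names of pools whose XML has no non-empty <target><path>."""
    flagged = []
    for doc in pool_xml_docs:
        root = ET.fromstring(doc)
        path = root.findtext("target/path")
        if path is None or not path.strip():
            flagged.append(root.findtext("name", default="(unnamed)"))
    return flagged


def host_exposed(version_text, pool_xml_docs):
    """Both conditions from the notice: affected release and a pool lacking a target path."""
    return version_affected(version_text) and bool(pools_without_target_path(pool_xml_docs))


# Constructed sample pool definitions (not taken from any real host).
SAMPLE_POOLS = [
    "<pool type='dir'><name>images</name><target><path>/var/lib/libvirt/images</path></target></pool>",
    "<pool type='rbd'><name>ceph-vms</name><source><name>rbdpool</name></source></pool>",
    "<pool type='netfs'><name>nfs-iso</name><target><path>/mnt/iso</path></target></pool>",
]

if __name__ == "__main__":
    print(pools_without_target_path(SAMPLE_POOLS))
    print(host_exposed("v5.10.0", SAMPLE_POOLS), host_exposed("v6.0.0", SAMPLE_POOLS))
```

A host flagged by both checks should be upgraded to a fixed release or have the read-only socket restricted as described above.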

Affected product: libvirt

Branch: master

Broken in:
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v4.6.0
v4.7.0
v4.8.0
v4.9.0
v4.10.0
v5.0.0
v5.1.0
v5.2.0
v5.3.0
v5.4.0
v5.5.0
v5.6.0
v5.7.0
v5.8.0
v5.9.0
v5.10.0
Fixed in:
v6.0.0
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:
dfff16a7c261f8d28e3abe60a47165f845fa952f

Branch: v4.1-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.2-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.3-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.4-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.5-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.6-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.7-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.8-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.9-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v4.10-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v5.0-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v5.1-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v5.1.0-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v5.2-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:

Branch: v5.3-maint

Broken in:
Fixed in:
Broken by:
7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by:
