Libvirt Security Notice: LSN-2020-0001
======================================

Summary: Denial of Service via storage pools without target paths
Reported on: 20200114
Published on: 20200114
Fixed on: 20191222
Reported by: Yi Li Han Han
Patched by: Yi Li
See also: CVE-2020-10703

Description
-----------

The implementation of the virStoragePoolLookupByTargetPath API crashed on
network-based storage pools with missing target paths.

Impact
------

A read-only client can cause a denial of service attack against a privileged
client by crashing libvirtd if such a pool is known to libvirtd.

Workaround
----------

The crash only happens on hosts with network-based storage pools without a
target path. Denying access to the readonly libvirt socket will avoid the
potential for a denial of service attack, but will not prevent the
out-of-bounds access from causing a crash for a privileged client, although
such a crash is no longer a security problem.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v4.1.0
Broken in: v4.2.0
Broken in: v4.3.0
Broken in: v4.4.0
Broken in: v4.5.0
Broken in: v4.6.0
Broken in: v4.7.0
Broken in: v4.8.0
Broken in: v4.9.0
Broken in: v4.10.0
Broken in: v5.0.0
Broken in: v5.1.0
Broken in: v5.2.0
Broken in: v5.3.0
Broken in: v5.4.0
Broken in: v5.5.0
Broken in: v5.6.0
Broken in: v5.7.0
Broken in: v5.8.0
Broken in: v5.9.0
Broken in: v5.10.0
Fixed in: v6.0.0
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
Fixed by: dfff16a7c261f8d28e3abe60a47165f845fa952f

Branch: v4.1-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.2-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.3-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.4-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.5-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.6-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.7-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.8-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.9-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v4.10-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v5.0-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v5.1-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v5.1.0-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v5.2-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129

Branch: v5.3-maint
Broken by: 7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
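
Exposure check (added example, not part of the original notice and not libvirt project code): the notice gives two conditions for the crash, a release between v4.1.0 and v5.10.0 and a pool known to libvirtd that has no target path. The sketch below tests both against pool definitions such as those printed by `virsh pool-dumpxml`; the function names and the sample pool XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Version range taken from the notice: broken in v4.1.0 .. v5.10.0, fixed in v6.0.0.
FIRST_BROKEN = (4, 1, 0)
FIRST_FIXED = (6, 0, 0)


def parse_version(text):
    """Turn 'v5.10.0' or '5.10.0' into a comparable tuple such as (5, 10, 0)."""
    nums = [int(p) for p in text.strip().lstrip("v").split(".")]
    return tuple(nums + [0] * (3 - len(nums)))


def version_is_affected(text):
    """True when the upstream release falls inside the notice's broken range."""
    return FIRST_BROKEN <= parse_version(text) < FIRST_FIXED


def pools_without_target_path(pool_xml_docs):
    """Return (name, type) for every pool definition lacking <target><path>."""
    hits = []
    for doc in pool_xml_docs:
        root = ET.fromstring(doc)
        path = root.findtext("target/path")
        if path is None or not path.strip():
            hits.append((root.findtext("name", default="?"), root.get("type", "?")))
    return hits


def host_is_exposed(version, pool_xml_docs):
    """Both conditions from the notice: affected release and such a pool defined."""
    return version_is_affected(version) and bool(pools_without_target_path(pool_xml_docs))


# Constructed sample pool definitions (not taken from a real host).
SAMPLE_POOLS = [
    "<pool type='dir'><name>images</name>"
    "<target><path>/var/lib/libvirt/images</path></target></pool>",
    "<pool type='rbd'><name>ceph-vms</name>"
    "<source><name>vms</name><host name='ceph.example.net'/></source></pool>",
]

if __name__ == "__main__":
    for name, ptype in pools_without_target_path(SAMPLE_POOLS):
        print(f"pool {name!r} (type {ptype}) has no target path")
    print("exposed on v5.10.0:", host_is_exposed("v5.10.0", SAMPLE_POOLS))
```

Distribution packages can carry the fix as a backport under an older version number, so treat the version comparison as a first pass and confirm against the fixing commit named in the notice.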