Libvirt Security Notice Index > 2020 > LSN-2020-0003 [xml] [text]

Libvirt Security Notice: LSN-2020-0003

Leak of /dev/mapper/control into QEMU guest namespace

Lifecycle

Reported on:	20200717
Published on:	20200717
Fixed on:	20200725

Credits

Reported by:	Cédric Jeanneret
Patched by:	Michal Prívozník

See also

CVE-2020-10703

Description

The libvirt code popuplating the /dev tree in the QEMU guest's namespace was using libdevmapper to get the full dependency tree.

Impact

An open file descriptor to /dev/mapper/control was leaked to QEMU's guest namespace.

Workaround

There is no known workaround for this issue.

Affected product: libvirt

Branch: master

Broken in:: v6.2.0
v6.3.0
v6.4.0
v6.5.0
Fixed in:
Broken by:: a30078cb832646177defd256e77c632905f1e6d0
Fixed by:: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e

Alternative formats: [xml] [text]

Home

Website (via DuckDuckGo) Wiki (via DuckDuckGo) Developers list Users list

Contact

email
irc

Community

Contribute

edit this page

Participants in the libvirt project agree to abide by the project code of conduct