Libvirt Security Notice: LSN-2020-0003

Leak of /dev/mapper/control into QEMU guest namespace

Lifecycle

Reported on: 20200717
Published on: 20200717
Fixed on: 20200725

Credits

Reported by: Cédric Jeanneret
Patched by: Michal Prívozník

See also

Description

The libvirt code populating the /dev tree in the QEMU guest's namespace was using libdevmapper to get the full dependency tree.

Impact

An open file descriptor to /dev/mapper/control was leaked to QEMU's guest namespace.
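
A host-side check for the condition described above, added here as an example and not taken from libvirt or this notice: it lists processes that hold an open descriptor on /dev/mapper/control. It assumes QEMU processes can be recognised by a comm name starting with "qemu" and that the scan runs with enough privilege to read other processes' /proc/<pid>/fd; the function name and parameters are illustrative.

```python
import os

TARGET = "/dev/mapper/control"  # device node named in the notice


def find_leaked_fds(proc_root="/proc", comm_prefix="qemu"):
    """Return sorted (pid, fd) pairs for processes whose comm starts with
    comm_prefix and that hold an open descriptor resolving to TARGET.

    comm_prefix is an assumption: QEMU binaries are usually named qemu-*.
    proc_root is a parameter so the scan can be pointed at a test tree.
    """
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip /proc/self, /proc/sys and other non-PID entries
        pid_dir = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(pid_dir, "comm")) as f:
                comm = f.read().strip()
            if not comm.startswith(comm_prefix):
                continue
            fd_dir = os.path.join(pid_dir, "fd")
            for fd in os.listdir(fd_dir):
                try:
                    link = os.readlink(os.path.join(fd_dir, fd))
                except OSError:
                    continue  # descriptor was closed during the scan
                if link == TARGET:
                    hits.append((int(entry), int(fd)))
        except OSError:
            continue  # process exited, or insufficient privileges
    return sorted(hits)


if __name__ == "__main__":
    for pid, fd in find_leaked_fds():
        print(f"pid {pid}: fd {fd} -> {TARGET}")
```

An empty result on a host running guests means no matching descriptor was found in the processes the scan could read.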

Workaround

There is no known workaround for this issue.

Affected product: libvirt

Branch master
Broken in: v6.2.0
Broken in: v6.3.0
Broken in: v6.4.0
Broken in: v6.5.0
Broken by: a30078cb832646177defd256e77c632905f1e6d0
Fixed by: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
