Libvirt Security Notice: LSN-2020-0003 ====================================== Summary: Leak of /dev/mapper/control into QEMU guest namespace Reported on: 20200717 Published on: 20200717 Fixed on: 20200725 Reported by: Cédric Jeanneret Patched by: Michal Prívozník See also: CVE-2020-10703 Description ----------- The libvirt code popuplating the /dev tree in the QEMU guest's namespace was using libdevmapper to get the full dependency tree. Impact ------ An open file descriptor to /dev/mapper/control was leaked to QEMU's guest namespace. Workaround ---------- There is no known workaround for this issue. Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v6.2.0 Broken in: v6.3.0 Broken in: v6.4.0 Broken in: v6.5.0 Broken by: a30078cb832646177defd256e77c632905f1e6d0 Fixed by: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e