Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202210-06

Gentoo Linux Security Advisory 202210-6 - Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service. Versions less than 8.2.0 are affected.

Packet Storm
#vulnerability#web#mac#linux#dos

Gentoo Linux Security Advisory GLSA 202210-06


                                       https://security.gentoo.org/  

Severity: Low
Title: libvirt: Multiple Vulnerabilities
Date: October 16, 2022
Bugs: #746119, #799713, #812317, #836128
ID: 202210-06


Synopsis

Multiple vulnerabilities have been discovered in libvirt, the worst of
which could result in denial of service.

Background

libvirt is a C toolkit for manipulating virtual machines.

Affected packages

-------------------------------------------------------------------  
 Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  

1 app-emulation/libvirt < 8.2.0 >= 8.2.0
2 dev-python/libvirt-python < 8.2.0 >= 8.2.0

Description

Multiple vulnerabilities have been discovered in libvirt. Please review
the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All libvirt users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=app-emulation/libvirt-8.2.0”

All libvirt-python users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=dev-python/libvirt-python-8.2.0”

References

[ 1 ] CVE-2020-14339
https://nvd.nist.gov/vuln/detail/CVE-2020-14339
[ 2 ] CVE-2020-25637
https://nvd.nist.gov/vuln/detail/CVE-2020-25637
[ 3 ] CVE-2021-3631
https://nvd.nist.gov/vuln/detail/CVE-2021-3631
[ 4 ] CVE-2021-3667
https://nvd.nist.gov/vuln/detail/CVE-2021-3667
[ 5 ] CVE-2022-0897
https://nvd.nist.gov/vuln/detail/CVE-2022-0897

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202210-06

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

Ubuntu Security Notice USN-6126-1

Ubuntu Security Notice 6126-1 - It was discovered that libvirt incorrectly handled the nwfilter driver. A local attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. It was discovered that libvirt incorrectly handled queries for the SR-IOV PCI device capabilities. A local attacker could possibly use this issue to cause libvirt to consume resources, leading to a denial of service.

RHSA-2022:8003: Red Hat Security Advisory: libvirt security, bug fix, and enhancement update

An update for libvirt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service

RHSA-2022:7472: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3507: QEMU: fdc: heap buffer overflow in DMA read data transfers * CVE-2022-0897: libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service * CVE-2022-2211: libguestfs: Buffer overflow in get_keys leads to DoS * CVE-2022-23645: swtpm: Unchecked header size indicator against expected size

CVE-2022-0897: nwfilter: fix crash when counting number of network filters (a4947e8f) · Commits · libvirt / libvirt · GitLab

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

CVE-2022-0897: Invalid Bug ID

A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).

CVE-2021-3631: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

CVE-2021-3667: Invalid Bug ID

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

RHSA-2021:4191: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-15859: QEMU: net: e1000e: use-after-free while sending packets * CVE-2021-3592: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) * CVE-2021-3593: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) * CVE-2021-3594: QEMU: slirp: invalid pointer initi...

RHSA-2021:4191: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-15859: QEMU: net: e1000e: use-after-free while sending packets * CVE-2021-3592: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) * CVE-2021-3593: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) * CVE-2021-3594: QEMU: slirp: invalid pointer initi...

CVE-2020-14339: Invalid Bug ID

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2020-25637: Invalid Bug ID

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution