Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-14339

Published: 03/12/2020 Updated: 07/11/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Enterprise Linux

Vulnerability Summary

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux 8.0

redhat libvirt

Vendor Advisories

Debian CVElist Bug Report Logs: libvirt: CVE-2020-14339
Debian Bug report logs - #966563 libvirt: CVE-2020-14339 Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 30 Jul 2020 18:15:02 UTC Severity: important Tags: security, upstr ...
Red Hat: Important: virt:8.2 and virt-devel:8.2 security and bug fix update
Synopsis Important: virt:82 and virt-devel:82 security and bug fix update Type/Severity Security Advisory: Important Topic An update for the virt:82 and virt-devel:82 modules is now available for Advanced Virtualization for RHEL 821Red Hat Product Security has rated this update as having a security i ...
Red Hat: Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Synopsis Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a securi ...
Arch Linux Issues:
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process This file descriptor allows for privileged operations to happen against the device-mapper on the host This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing ser ...

References

CWE-772https://bugzilla.redhat.com/show_bug.cgi?id=1860069https://security.gentoo.org/glsa/202101-22https://security.gentoo.org/glsa/202210-06https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966563https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook