CVE-2020-25637

Published: 06/10/2020 Updated: 01/04/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A double free memory issue was found to occur in the libvirt API, in versions prior to 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Product

redhat libvirt

opensuse leap 15.1

opensuse leap 15.2

Vendor Advisories

Debian Bug report logs - #971555 libvirt: CVE-2020-25637. Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Oct 2020 18:51:02 UTC; Severity: important; Tags: security, upstr ...
Several security issues were fixed in libvirt ...
Synopsis: Moderate: virt:82 and virt-devel:82 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the virt:82 and virt-devel:82 modules is now available for Advanced Virtualization for RHEL 821. Red Hat Product Security has rated this update as having a security imp ...
Synopsis: Moderate: libvirt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Moderate: OpenShift Container Platform 4520 bug fix and golang security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4520 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...

Github Repositories

Double Free

CVE-2020-25637 *** Description *** A double free memory issue occurred in the libvirt API, in versions prior to 6.8.0, responsible for requesting information about the network interfaces of a QEMU domain ...