Ubuntu update for libvirt
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-25637 CVE-2021-3631 CVE-2021-3667 CVE-2021-3975 CVE-2021-4147 CVE-2022-0897 |
| CWE-ID | CWE-415 CWE-732 CWE-667 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libvirt0 (Ubuntu package) Operating systems & Components / Operating system package or component libvirt-daemon-system (Ubuntu package) Operating systems & Components / Operating system package or component libvirt-daemon (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Double Free
EUVDB-ID: #VU48591
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2020-25637
CWE-ID:
CWE-415 - Double Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the libvirt API, responsible for requesting information about network interfaces of a running QEMU domain. A local client connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system.
MitigationUpdate the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Incorrect permission assignment for critical resource
EUVDB-ID: #VU62735
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3631
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error in the way SELinux MCS category pairs for VMs' dynamic labels in security/security_selinux.c. An attacker with access to the guest OS can access files labeled for another guest.
MitigationUpdate the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU62734
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3667
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error in the virStoragePoolLookupByTargetPath API in libvirt in storage/storage_driver.c. The storagePoolLookupByTargetPath() function does not properly release a locked object (virStoragePoolObj) on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions can use this vulnerability to acquire the lock and prevent other users from accessing storage pool/volume APIs. As a result a local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU58358
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3975
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF. An unprivileged client with a read-only connection can trigger the use-after-free error by calling the virConnectGetAllDomainStats API and crash the application.
Update the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper locking
EUVDB-ID: #VU62737
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-4147
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error in the libvirt libxl driver in libxl/libxl_domain.c. A malicious guest can continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition
MitigationUpdate the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU62739
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0897
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error within the nwfilterConnectNumOfNWFilters() function in nwfilter/nwfilter_driver.c in libvirt. An local user can abuse the libvirt API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
MitigationUpdate the affected package libvirt to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 21.10
libvirt0 (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon-system (Ubuntu package): before 4.0.0-1ubuntu8.21
libvirt-daemon (Ubuntu package): before 4.0.0-1ubuntu8.21
CPE2.3- cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:21.10:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libvirt0_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon-system_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:libvirt-daemon_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5399-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
