#VU28191 Resource management error in libvirt - CVE-2020-10703

Cybersecurity Help s.r.o.

Published: 2020-05-23

Vulnerability identifier: #VU28191

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-10703

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libvirt
Universal components / Libraries / Libraries used by multiple products

Vendor: libvirt.org

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application when performing pool lookups within the storagePoolLookupByTargetPath() function in storage/storage_driver.c. A remote user can create a pool with empty target path and then perform search for an empty target, which results in libvirt crash.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libvirt: 3.10.0 - 5.10.0

External links
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=dfff16a7c261f8d28e3abe60a47165f845fa952f;hp=7a7d36055ce7c161e9309c7bad7f8e61be31c5b8
https://bugzilla.redhat.com/show_bug.cgi?id=1790725

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for the virt:rhel and virt-devel:rhel modules

Ubuntu update for libvirt

Denial of service in libvirt

Red Hat Enterprise Linux 7 update for libvirt