CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

01 Apr 2024, 13:16

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html -

Information

Published : 2020-10-06 14:15

Updated : 2024-04-01 13:16


NVD link : CVE-2020-25637

Mitre link : CVE-2020-25637

CVE.ORG link : CVE-2020-25637


JSON object : View

Products Affected

opensuse

  • leap

redhat

  • libvirt
CWE
CWE-415

Double Free