CVE-2020-14339
Severity
8.8 HIGH
EPSS
0.1%
top 77.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 3
Latest update: May 24
Description
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0
Affected Packages: 3 packages
Also affects: Enterprise Linux 8.0
Patches
Vulnerability Details (3)
GHSA
GHSA-c772-g5j9-w9w8: A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process (2022-05-24)
OSV
CVE-2020-14339: A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process (2020-12-03)
CVEList
CVE-2020-14339: A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process (2020-12-03)
Vendor Advisories (2)
Community (3)
Bugzilla
CVE-2020-14339 mingw-libvirt: libvirt: leak of /dev/mapper/control into QEMU guests [fedora-all] (2020-09-21)