CVE-2020-25637
Severity
6.7MEDIUM
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 6
Latest updateMay 24
Description
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerabili…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages4 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-2qf3-2mv6-pggh: A double free memory issue was found to occur in the libvirt API, in versions before 6↗2022-05-24
OSV▶
CVE-2020-25637: A double free memory issue was found to occur in the libvirt API, in versions before 6↗2020-10-06
CVEList▶
CVE-2020-25637: A double free memory issue was found to occur in the libvirt API, in versions before 6↗2020-10-06
📋Vendor Advisories
4Microsoft▶
A double free memory issue was found to occur in the libvirt API in versions before 6.8.0 responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects th↗2020-10-13
Debian▶
CVE-2020-25637: libvirt - A double free memory issue was found to occur in the libvirt API, in versions be...↗2020