Updated: 2024-11-21 20:02:01.267591
Description:
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | HIGH | 7.2 |
CVSS Version 3.x | MEDIUM | 6.7 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | libvirt | 0.10.2 | 6.7 | MEDIUM | Not Vulnerable | | 2021-12-09 07:57:04 | |
CentOS 8.4 ELS | libvirt | 6.0.0-35.1 | 6.7 | MEDIUM | Already Fixed | | 2023-11-29 10:11:45 | |
CentOS 8.5 ELS | libvirt | 6.0.0-37 | 6.7 | MEDIUM | Already Fixed | | 2023-11-29 10:11:45 | |
CloudLinux 6 ELS | libvirt | 0.10.2 | 6.7 | MEDIUM | Not Vulnerable | | 2021-12-09 07:57:04 | |
Oracle Linux 6 ELS | libvirt | 0.10.2 | 6.7 | MEDIUM | Not Vulnerable | | 2021-12-09 07:57:04 | |
Ubuntu 16.04 ELS | libvirt | 1.3.1-1 | 6.7 | MEDIUM | Ignored | | 2023-11-02 05:07:28 | |
Ubuntu 18.04 ELS | libvirt | 4.0.0-1 | 6.7 | MEDIUM | Ignored | | 2023-11-02 05:07:28 | |