Wind River Support Network

HomeDefectsLIN1018-6257
Fixed

LIN1018-6257 : Security Advisory - libvirt - CVE-2020-10703

Created: Jun 3, 2020    Updated: Jun 21, 2020
Resolved Date: Jun 21, 2020
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

CREATE(Triage):(User=admin) [CVE-2020-10703|https://nvd.nist.gov/vuln/detail/CVE-2020-10703]

CVEs


Live chat
Online