Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 739948 (CVE-2020-14339) - <app-emulation/libvirt-6.7.0: Unintended access to /dev/mapper/control (CVE-2020-14339)
Summary: <app-emulation/libvirt-6.7.0: Unintended access to /dev/mapper/control (CVE-2...
Status: IN_PROGRESS
Alias: CVE-2020-14339
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: C1 [glsa]
Keywords: STABLEREQ
Depends on: CVE-2020-25637
Blocks:
  Show dependency tree
 
Reported: 2020-09-02 03:01 UTC by Sam James
Modified: 2021-01-18 00:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-09-02 03:01:55 UTC
Description:
"A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
Comment 1 Sam James archtester gentoo-dev Security 2020-09-02 03:02:46 UTC
In 6.6.0's release notes:
" virdevmapper: Don't use libdevmapper to obtain dependencies

    When building domain's private /dev in a namespace, libdevmapper was consulted for getting full dependency tree of domain's disks. However, this meant that libdevmapper opened /dev/mapper/control which wasn't closed and was leaked to QEMU. CVE-2020-14339"

Please bump to 6.6.0.
Comment 2 Matthias Maier gentoo-dev 2020-10-01 23:50:34 UTC
commit 21b2340aff308620f996e7de4123908050f92fdd
Author: Jonathan Davies <jpds@protonmail.com>
Date:   Sat Sep 26 22:10:34 2020 +0000

    app-emulation/libvirt: Version updated to 6.7.0.
    
    Signed-off-by: Jonathan Davies <jpds@protonmail.com>
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>
Comment 3 Matthias Maier gentoo-dev 2020-10-01 23:53:37 UTC
Arches, please stabilize libvirt-6.7.0
Comment 4 Sam James archtester gentoo-dev Security 2020-10-05 23:23:10 UTC
amd64 done
Comment 5 Sam James archtester gentoo-dev Security 2020-10-05 23:24:02 UTC
x86 done

all arches done
Comment 6 Sam James archtester gentoo-dev Security 2020-10-05 23:24:56 UTC
Please cleanup. Thanks!
Comment 7 NATTkA bot gentoo-dev 2020-10-05 23:25:40 UTC Comment hidden (obsolete)
Comment 8 Larry the Git Cow gentoo-dev 2020-10-07 15:43:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63a74aaa80159c39749f74edac9b9c77a766c98b

commit 63a74aaa80159c39749f74edac9b9c77a766c98b
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2020-10-07 15:42:15 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2020-10-07 15:42:15 +0000

    app-emulation/libvirt: drop vulnerable
    
    Bug: https://bugs.gentoo.org/739948
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/libvirt/Manifest                     |   2 -
 .../files/libvirt-6.0.0-do-not-use-sysconf.patch   | 150 ---------
 .../libvirt-6.1.0-fix-paths-for-apparmor.patch     |  70 ----
 .../files/libvirt-6.5.0-do-not-use-sysconfig.patch | 245 --------------
 .../libvirt-6.5.0-fix-paths-for-apparmor.patch     |  82 -----
 app-emulation/libvirt/libvirt-6.2.0-r2.ebuild      | 356 ---------------------
 app-emulation/libvirt/libvirt-6.5.0-r1.ebuild      | 355 --------------------
 7 files changed, 1260 deletions(-)
Comment 9 NATTkA bot gentoo-dev 2020-12-25 20:04:58 UTC
Unable to check for sanity:

> no match for package: app-emulation/libvirt-6.7.0