CVE-2020-14339

Name:         CVE-2020-14339
Description:  leak of /dev/mapper/control into QEMU guests
Source:       CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs:  966563

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release                      Version          Status
libvirt (PTS)   stretch (security), stretch  3.0.0-4+deb9u4   fixed
                buster                       5.0.0-4+deb10u1  fixed
                bullseye, sid                6.5.0-1          vulnerable

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version   Urgency  Origin  Debian Bugs
libvirt  source  stretch     (not affected)
libvirt  source  buster      (not affected)
libvirt  source  (unstable)  (unfixed)                        966563

Notes

[buster] - libvirt <not-affected> (Vulnerable code introduced later)
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
https://bugzilla.redhat.com/show_bug.cgi?id=1860069
https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
