CVE-2020-25637

Name	CVE-2020-25637
Description	A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DLA-2395-1
Debian Bugs	971555

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libvirt (PTS)	buster	5.0.0-4+deb10u1	vulnerable
	bullseye	7.0.0-3	fixed
	bookworm, sid	9.0.0-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libvirt	source	stretch	3.0.0-4+deb9u5		DLA-2395-1
libvirt	source	(unstable)	6.8.0-1			971555

Notes

[buster] - libvirt <no-dsa> (Minor issue)
Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0)