Bug 1168683 (CVE-2020-10703) - VUL-0: CVE-2020-10703: libvirt: potential denial of service via active pool without target path
Status: RESOLVED FIXED
Alias: CVE-2020-10703
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/256486/
Whiteboard: CVSSv3.1:RedHat:CVE-2020-10703:6.5:(...
Reported: 2020-04-06 07:25 UTC by Wolfgang Frisch
Modified: 2020-10-21 09:25 UTC

Found By: Security Response Team

Description Wolfgang Frisch 2020-04-06 07:25:12 UTC
CVE-2020-10703

A flaw was found in libvirt. A pool created without a target path may lead to a segmentation fault and denial of service. This issue may be triggered by a read-only user.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1790725
https://bugzilla.redhat.com/show_bug.cgi?id=1816650
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10703
https://access.redhat.com/security/cve/CVE-2020-10703
Comment 2 Wolfgang Frisch 2020-04-06 07:35:52 UTC
The affected API `virStoragePoolObjListSearch` was introduced in `libvirt` upstream version v3.10.0:
https://github.com/libvirt/libvirt/commit/5d5c732d748d644ec14626bce448e84bdc4bd93e

Thus the following code streams are being tracked as affected:
SUSE:SLE-12-SP4:Update
SUSE:SLE-12-SP5:Update
SUSE:SLE-15:Update
SUSE:SLE-15-SP1:Update
Comment 3 James Fehlig 2020-04-08 23:05:43 UTC
Note to self: The patch was included in 6.0.0 so is already in SLE15 SP2.
Comment 4 James Fehlig 2020-04-10 23:33:02 UTC
(In reply to Wolfgang Frisch from comment #2)
> Thus the following code streams are being tracked as affected:
> SUSE:SLE-12-SP4:Update
> SUSE:SLE-12-SP5:Update
> SUSE:SLE-15:Update
> SUSE:SLE-15-SP1:Update

I backported the fix to all of these and have them queued in our associated devel projects (e.g. Devel:Virt:SLE-15-SP1/libvirt). Before submitting anything to maintenance it would be nice to have my long-standing question answered in the following CVE bug:

https://bugzilla.suse.com/show_bug.cgi?id=1165616#c1
Comment 5 James Fehlig 2020-04-29 17:55:55 UTC
I've submitted maintenance requests for all affected code streams. I'm done so passing to the security team.
Comment 7 Swamp Workflow Management 2020-05-06 22:17:46 UTC
SUSE-SU-2020:1208-1: An update that solves two vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1145774,1151850,1152649,1154093,1157490,1161883,1162160,1167007,1168683,1170765
CVE References: CVE-2020-10703,CVE-2020-12430
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    libvirt-5.1.0-8.16.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libvirt-5.1.0-8.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libvirt-5.1.0-8.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-05-14 16:22:22 UTC
SUSE-SU-2020:1277-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1157490,1161883,1162160,1167007,1168683,1170765
CVE References: CVE-2020-10703,CVE-2020-12430
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libvirt-5.1.0-13.6.2
SUSE Linux Enterprise Server 12-SP5 (src):    libvirt-5.1.0-13.6.2

Comment 9 Swamp Workflow Management 2020-05-15 19:17:30 UTC
SUSE-SU-2020:1289-1: An update that solves one vulnerability and has 6 fixes is now available.

Category: security (important)
Bug References: 1133719,1137137,1138734,1145586,1149100,1154093,1168683
CVE References: CVE-2020-10703
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libvirt-4.0.0-8.20.2
SUSE Linux Enterprise Server 12-SP4 (src):    libvirt-4.0.0-8.20.2

Comment 10 Alexandros Toptsoglou 2020-06-30 07:54:13 UTC
Done