Bugzilla – Bug 1170765
VUL-1: CVE-2020-12430: libvirt: users on a read-only connection may cause a memory leak in domstats, resulting in a potential denial of service
Last modified: 2024-05-10 08:00:28 UTC
CVE-2020-12430 An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1828190
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12430
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
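The bug class named above (a per-call allocation in a domain-stats collector that is not released on every exit path, reachable by a caller who only holds a read-only connection) as an added illustrative example. This is constructed code, not libvirt's qemuDomainGetStatsIOThread and not the patched function from the referenced commit: the names iothread_info, fake_monitor_get_iothreads, get_stats_iothread_leaky, get_stats_iothread_fixed and outstanding_after are invented here, and the early-return condition that skips cleanup is an assumption chosen to show the pattern, not taken from the libvirt source. The leaky shape sits beside the single-cleanup-label shape that closes the hole; an allocation counter makes the leak visible in a unit test the same way valgrind or AddressSanitizer's LeakSanitizer would report it.

```c
#include <stdlib.h>

/* Constructed stand-in for a per-IOThread record handed back by the monitor.
 * Not libvirt's struct; it only has the shape needed to show the pattern. */
typedef struct {
    unsigned int iothread_id;
    unsigned long long poll_max_ns;
} iothread_info;

/* Live-allocation counter so the leak is observable without a leak checker. */
static int live_allocs = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* Fake monitor query (constructed): returns an array of n records that the
 * caller owns and must free; -1 on allocation failure. */
static int fake_monitor_get_iothreads(iothread_info ***out, int n)
{
    iothread_info **arr = tracked_malloc(sizeof(*arr) * (size_t)(n + 1));
    if (!arr)
        return -1;
    for (int i = 0; i < n; i++) {
        arr[i] = tracked_malloc(sizeof(**arr));
        if (!arr[i]) {               /* unwind on partial failure */
            for (int j = 0; j < i; j++)
                tracked_free(arr[j]);
            tracked_free(arr);
            return -1;
        }
        arr[i]->iothread_id = (unsigned int)i + 1;
        arr[i]->poll_max_ns = 32000ULL * (unsigned long long)(i + 1);
    }
    arr[n] = NULL;
    *out = arr;
    return n;
}

static void free_iothreads(iothread_info **threads, int n)
{
    if (!threads)
        return;
    for (int i = 0; i < n; i++)
        tracked_free(threads[i]);
    tracked_free(threads);
}

/* Where the aggregated stats land (constructed). */
typedef struct {
    int count;
    unsigned long long total_poll_max_ns;
} stats_record;

/* Leaky shape: an early "nothing to report" return skips the cleanup that the
 * normal path performs. The trigger condition is assumed for illustration. */
static int get_stats_iothread_leaky(stats_record *rec, int nthreads, int want_details)
{
    iothread_info **threads = NULL;
    int n = fake_monitor_get_iothreads(&threads, nthreads);
    if (n < 0)
        return -1;
    if (!want_details)
        return 0;                    /* BUG: 'threads' is never freed */
    rec->count = n;
    rec->total_poll_max_ns = 0;
    for (int i = 0; i < n; i++)
        rec->total_poll_max_ns += threads[i]->poll_max_ns;
    free_iothreads(threads, n);
    return 0;
}

/* Fixed shape: every exit, including the early one, goes through cleanup. */
static int get_stats_iothread_fixed(stats_record *rec, int nthreads, int want_details)
{
    iothread_info **threads = NULL;
    int ret = -1;
    int n = fake_monitor_get_iothreads(&threads, nthreads);
    if (n < 0)
        goto cleanup;
    ret = 0;
    if (!want_details)
        goto cleanup;
    rec->count = n;
    rec->total_poll_max_ns = 0;
    for (int i = 0; i < n; i++)
        rec->total_poll_max_ns += threads[i]->poll_max_ns;
 cleanup:
    free_iothreads(threads, n);
    return ret;
}

/* Drive one variant 'calls' times along the early-return path and report how
 * many allocations are still outstanding: 0 for a correct implementation. */
static int outstanding_after(int (*fn)(stats_record *, int, int), int calls, int nthreads)
{
    stats_record rec = {0, 0};
    live_allocs = 0;
    for (int i = 0; i < calls; i++)
        fn(&rec, nthreads, 0);
    return live_allocs;
}
```

The defender's point is in outstanding_after: a stats path that an unprivileged read-only client can drive repeatedly must leave zero allocations behind per call, so a regression test that counts outstanding blocks after many calls (or a CI run under a leak checker) catches this class before it ships, and a single cleanup label is the structural fix that keeps later edits from reintroducing it.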
This memory leak first appeared in libvirt 4.10.0 [0][1].

Affected code streams:
SUSE:SLE-12-SP5:Update
SUSE:SLE-15-SP1:Update

[0] https://www.libvirt.org/news.html#v4.10.0
[1] https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d1eac92784573559b6fd56836e33b215c89308e3
This bug affects SLE12 SP5 and SLE15 SP1/2. I've submitted the fix to 15 SP2 for the next milestone, and to 12 SP5 and 15 SP1 for maintenance. I think I'm done so passing to the security team.
SUSE-SU-2020:1208-1: An update that solves two vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1145774,1151850,1152649,1154093,1157490,1161883,1162160,1167007,1168683,1170765
CVE References: CVE-2020-10703,CVE-2020-12430
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): libvirt-5.1.0-8.16.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libvirt-5.1.0-8.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): libvirt-5.1.0-8.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1277-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1157490,1161883,1162160,1167007,1168683,1170765
CVE References: CVE-2020-10703,CVE-2020-12430
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libvirt-5.1.0-13.6.2
SUSE Linux Enterprise Server 12-SP5 (src): libvirt-5.1.0-13.6.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done