CVE-2019-20485

medium

Description

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078

https://bugzilla.redhat.com/show_bug.cgi?id=1809740

https://libvirt.org/git/?p=libvirt.git;a=commit;h=a663a860819287e041c3de672aad1d8543098ecc

https://lists.fedoraproject.org/archives/list/[email protected]/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2/

https://security-tracker.debian.org/tracker/CVE-2019-20485

https://www.mail-archive.com/[email protected]/msg1730509.html

Details

Source: MITRE

Published: 2020-03-19

Updated: 2020-06-16

Type: CWE-20

Risk Information

CVSS v2

Base Score: 2.7

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 5.1

Severity: LOW

CVSS v3

Base Score: 5.7

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.1

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146032 | CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2020:4676) | Nessus | CentOS Local Security Checks | high |
| 142728 | Amazon Linux 2 : libvirt (ALAS-2020-1557) | Nessus | Amazon Linux Local Security Checks | medium |
| 142449 | RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2020:4676) | Nessus | Red Hat Local Security Checks | high |
| 141679 | Scientific Linux Security Update : libvirt on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | medium |
| 141658 | EulerOS Virtualization 3.0.2.2 : libvirt (EulerOS-SA-2020-2209) | Nessus | Huawei Local Security Checks | high |
| 141632 | CentOS 7 : libvirt (CESA-2020:4000) | Nessus | CentOS Local Security Checks | medium |
| 141027 | RHEL 7 : libvirt (RHSA-2020:4000) | Nessus | Red Hat Local Security Checks | medium |
| 138008 | EulerOS Virtualization 3.0.6.0 : libvirt (EulerOS-SA-2020-1789) | Nessus | Huawei Local Security Checks | medium |
| 137794 | EulerOS Virtualization for ARM 64 3.0.6.0 : libvirt (EulerOS-SA-2020-1687) | Nessus | Huawei Local Security Checks | medium |
| 137425 | Fedora 31 : libvirt (2020-5cd83efda7) | Nessus | Fedora Local Security Checks | medium |
| 136275 | EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2020-1572) | Nessus | Huawei Local Security Checks | medium |
| 136034 | Photon OS 1.0: Libvirt PHSA-2020-1.0-0289 | Nessus | PhotonOS Local Security Checks | medium |
| 135865 | Photon OS 2.0: Libvirt PHSA-2020-2.0-0228 | Nessus | PhotonOS Local Security Checks | medium |
| 135783 | Photon OS 3.0: Libvirt PHSA-2020-3.0-0078 | Nessus | PhotonOS Local Security Checks | medium |