redhat libvirt CVE-2020-25637 vulnerability in Red Hat and Other Products
Published on October 6, 2020

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Weakness Type

What is a Double-free Vulnerability?

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.

CVE-2020-25637 has been classified as a Double-free vulnerability or weakness.
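The double-free pattern described above, as an added example (not from the original page and not libvirt's code): a constructed C sketch in which an error path releases a result that the caller also releases, next to the hardened form that clears the caller's pointer. `get_ifaces`, `tracked_alloc`, `tracked_free` and `run_case` are hypothetical names; the quarantine allocator defers the real `free()` so the repeated release is counted rather than executed.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed quarantine allocator: tracked_free() only marks a block released,
 * so a repeated release is counted instead of reaching free() a second time. */
#define MAX_BLOCKS 16
static struct { void *p; int released; } blocks[MAX_BLOCKS];
static int nblocks, double_free_attempts;

static void *tracked_alloc(size_t n) {
    void *p = nblocks < MAX_BLOCKS ? malloc(n) : NULL;
    if (p) { blocks[nblocks].p = p; blocks[nblocks++].released = 0; }
    return p;
}

static void tracked_free(void *p) {
    for (int i = 0; p && i < nblocks; i++) {
        if (blocks[i].p != p) continue;
        if (blocks[i].released) double_free_attempts++;  /* same address again */
        blocks[i].released = 1;
        return;
    }
}

/* Hypothetical lookup that fails after allocating its result. */
static int get_ifaces(char **out, int fail, int fixed) {
    *out = tracked_alloc(32);
    if (!*out) return -1;
    strcpy(*out, "eth0");          /* constructed sample data */
    if (!fail) return 0;
    tracked_free(*out);            /* callee cleans up on error */
    if (fixed) *out = NULL;        /* hardened: clear the caller's copy too */
    return -1;
}

/* Caller frees whatever it still holds; returns double frees detected. */
int run_case(int fail, int fixed) {
    char *ifaces = NULL;
    double_free_attempts = 0;
    get_ifaces(&ifaces, fail, fixed);
    tracked_free(ifaces);          /* second release if the pointer is stale */
    for (int i = 0; i < nblocks; i++) free(blocks[i].p);  /* real free, once */
    nblocks = 0;
    return double_free_attempts;
}

int main(void) { return run_case(1, 1); }
```

Only the failing call without the pointer reset reports a repeated release; the same class of defect is what AddressSanitizer or Valgrind flags at runtime in real builds.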



Exploit Probability

EPSS: 0.11%
Percentile: 29.46%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.