Document the fix of leaking /dev/mapper/control to QEMU (fixed in
v6.6.0-rc1-3-g2249455654).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
NEWS.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index ff977968c7..8b53d21b8a 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -33,6 +33,13 @@ v6.6.0 (unreleased)
* **Bug fixes**
+ * virdevmapper: Don't use libdevmapper to obtain dependencies
+
+ When building domain's private ``/dev`` in a namespace, libdevmapper was
+ consulted for getting full dependency tree of domain's disks. However, this
+ meant that libdevmapper opened ``/dev/mapper/control`` which wasn't closed
+ and was leaked to QEMU. CVE-2020-14339
+
v6.5.0 (2020-07-03)
===================
--
2.26.2
On Mon, Jul 27, 2020 at 09:54:50 +0200, Michal Privoznik wrote: > Document the fix of leaking /dev/mapper/control to QEMU (fixed in > v6.6.0-rc1-3-g2249455654). > > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > --- > NEWS.rst | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/NEWS.rst b/NEWS.rst > index ff977968c7..8b53d21b8a 100644 > --- a/NEWS.rst > +++ b/NEWS.rst > @@ -33,6 +33,13 @@ v6.6.0 (unreleased) > > * **Bug fixes** > > + * virdevmapper: Don't use libdevmapper to obtain dependencies > + > + When building domain's private ``/dev`` in a namespace, libdevmapper was > + consulted for getting full dependency tree of domain's disks. However, this > + meant that libdevmapper opened ``/dev/mapper/control`` which wasn't closed > + and was leaked to QEMU. CVE-2020-14339 I see that these were pushed now, but I can't find them in the list. I presume you went through libvirt-security for review. Please post them to libvir-list anyways for future reference.
On 7/27/20 10:04 AM, Peter Krempa wrote: > On Mon, Jul 27, 2020 at 09:54:50 +0200, Michal Privoznik wrote: >> Document the fix of leaking /dev/mapper/control to QEMU (fixed in >> v6.6.0-rc1-3-g2249455654). >> >> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> >> --- >> NEWS.rst | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/NEWS.rst b/NEWS.rst >> index ff977968c7..8b53d21b8a 100644 >> --- a/NEWS.rst >> +++ b/NEWS.rst >> @@ -33,6 +33,13 @@ v6.6.0 (unreleased) >> >> * **Bug fixes** >> >> + * virdevmapper: Don't use libdevmapper to obtain dependencies >> + >> + When building domain's private ``/dev`` in a namespace, libdevmapper was >> + consulted for getting full dependency tree of domain's disks. However, this >> + meant that libdevmapper opened ``/dev/mapper/control`` which wasn't closed >> + and was leaked to QEMU. CVE-2020-14339 > > I see that these were pushed now, but I can't find them in the list. I > presume you went through libvirt-security for review. Please post them > to libvir-list anyways for future reference. > Indeed. The bug was made private (mistakenly) for a brief moment thus I figured to send the patches on the -security list. Then the mistake was fixed and now I look like I don't know what I'm doing (which is not necessarily untrue :-D). Michal
On Mon, 2020-07-27 at 09:54 +0200, Michal Privoznik wrote: > Document the fix of leaking /dev/mapper/control to QEMU (fixed in > v6.6.0-rc1-3-g2249455654). > > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > --- > NEWS.rst | 7 +++++++ > 1 file changed, 7 insertions(+) Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization
© 2016 - 2024 Red Hat, Inc.