Home > Vulnerability Database > CVE-2020-14339

Mend.io Vulnerability Database

CVE-2020-14339

Good to know:

Date: December 2, 2020

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Language: C

Severity Score

8.8

Related Resources (8)

Url: https://security.gentoo.org/glsa/202210-06

Url: https://access.redhat.com/security/cve/CVE-2020-14339

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1860069

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-14339

Url: https://security.gentoo.org/glsa/202101-22

Url: https://security.alpinelinux.org/vuln/CVE-2020-14339

Url: https://security-tracker.debian.org/tracker/CVE-2020-14339

Url: https://www.mend.io/vulnerability-database/CVE-2020-14339

Severity Score

8.8

Weakness Type (CWE)

Missing Release of Resource after Effective Lifetime

CWE-772

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-14339

Good to know:

Date: December 2, 2020

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?