{
  "threat_severity" : "Moderate",
  "public_date" : "2020-08-04T00:00:00Z",
  "bugzilla" : {
    "description" : "libvirt: incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges",
    "id" : "1866270",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1866270"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-732",
  "details" : [ "Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.", "A flaw was found in libvirt, where an incorrect permissions issue occurs on the UNIX domain socket. This flaw allows a local attacker to access libvirt and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability." ],
  "statement" : "This is an Ubuntu-specific flaw. The versions of `libvirt` as shipped with Red Hat Enterprise Linux and RHEL Advanced Virtualization are not affected by this issue, as they leverage `polkit` for authentication. More specifically, the socket permission is 0666, and when an unprivileged user connects, `polkit` will validate the client and require them to provide the root password before `libvirt` allows any RPC calls to be performed.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "virt:rhel/libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:8.2/libvirt",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "virt:8.3/libvirt",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "libvirt",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-15708\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15708" ],
  "name" : "CVE-2020-15708",
  "csaw" : false
}