CVE-2020-15708 — CRITICAL (9.3)

Vulnerability Description

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	20.04

Related Weaknesses (CWE)

CWE-732

References

https://usn.ubuntu.com/usn/usn-4452-1Vendor Advisory
https://usn.ubuntu.com/usn/usn-4452-1Vendor Advisory

FAQ

What is CVE-2020-15708?

CVE-2020-15708 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

How severe is CVE-2020-15708?

CVE-2020-15708 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-15708?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.