High severity8.8NVD Advisory· Published Dec 3, 2020· Updated Jun 17, 2026
CVE-2020-14339
CVE-2020-14339
Description
A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
82- osv-coords80 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-adminpkg:rpm/almalinux/libvirt-bash-completionpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-directpkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/ocaml-hivexpkg:rpm/almalinux/ocaml-hivex-develpkg:rpm/almalinux/ocaml-libguestfspkg:rpm/almalinux/ocaml-libguestfs-develpkg:rpm/almalinux/ocaml-libnbdpkg:rpm/almalinux/ocaml-libnbd-develpkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 1.3.18-20.module_el8.3.0+2048+e7a0a3ea+ 79 more
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1:1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.3.18-20.module_el8.3.0+2048+e7a0a3ea
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-lp152.9.3.1
- (no CPE)range: < 7.7.0-2.1
- (no CPE)range: < 5.1.0-8.19.1
- (no CPE)range: < 6.0.0-13.3.1
- (no CPE)range: < 5.1.0-8.19.1
- (no CPE)range: < 6.0.0-13.3.1
- (no CPE)range: < 5.1.0-13.9.1
- (no CPE)range: < 5.1.0-13.9.1
- (no CPE)range: < 5.1.0-13.9.1
Patches
Vulnerability mechanics
References
3- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- security.gentoo.org/glsa/202101-22nvdThird Party Advisory
- security.gentoo.org/glsa/202210-06nvdThird Party Advisory
News mentions
0No linked articles in our index yet.