DEBIAN-CVE-2020-14339

DEBIAN-CVE-2020-14339 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	libvirt	0, 0, 0
Debian:14	libvirt	0, 0, 0
Debian:11	libvirt	0, 0, 0
Debian:13	libvirt	0, 0, 0

Timeline

Dec 3, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-14339 advisory

Open in Interactive Console →