
CVE-2020-14339 – libvirt: leak of /dev/mapper/control into QEMU guests
https://notcve.org/view.php?id=CVE-2020-14339
01 Sep 2020 — A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows privileged operations to be performed against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1860069 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2020-10703 – libvirt: Potential denial of service via active pool without target path
https://notcve.org/view.php?id=CVE-2020-10703
21 May 2020 — A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. The flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path, such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1790725 • CWE-476: NULL Pointer Dereference •

CVE-2020-12430 – Ubuntu Security Notice USN-4371-1
https://notcve.org/view.php?id=CVE-2020-12430
28 Apr 2020 — An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1804548 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2019-20485 – libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent
https://notcve.org/view.php?id=CVE-2019-20485
19 Mar 2020 — qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). A flaw was found in the way the libvirtd daemon issued the 'suspe... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078 • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption •

CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
https://notcve.org/view.php?id=CVE-2019-10161
20 Jun 2019 — It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-284: Improper Access Control • CWE-862: Missing Authorization •

CVE-2019-10166 – libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
https://notcve.org/view.php?id=CVE-2019-10166
20 Jun 2019 — It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed. • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-284: Improper Access Control •

CVE-2019-10167 – libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
https://notcve.org/view.php?id=CVE-2019-10167
20 Jun 2019 — The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-250: Execution with Unnecessary Privileges • CWE-284: Improper Access Control • CWE-862: Missing Authorization •

CVE-2019-10168 – libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
https://notcve.org/view.php?id=CVE-2019-10168
20 Jun 2019 — The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-250: Execution with Unnecessary Privileges • CWE-284: Improper Access Control •

CVE-2019-10132 – libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter
https://notcve.org/view.php?id=CVE-2019-10132
22 May 2019 — A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. • https://access.redhat.com/errata/RHSA-2019:1264 • CWE-264: Permissions, Privileges, and Access Controls • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2016-10746
https://notcve.org/view.php?id=CVE-2016-10746
18 Apr 2019 — libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. • https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f • CWE-254: 7PK - Security Features •