Page 2 of 13 results (0.010 seconds)

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró que ocurría un problema de doble liberación de la memoria en la API de libvirt, en versiones anteriores a 6.8.0, responsable de pedir información sobre unas interfaces de red de un dominio QEMU en ejecución. • https://github.com/brahmiboudjema/CVE-2020-25637-libvirt-double-free http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00073.html https://bugzilla.redhat.com/show_bug.cgi?id=1881037 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2020-25637 • CWE-415: Double Free •

CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). El archivo qemu/qemu_driver.c en libvirt versiones anteriores a 6.0.0, maneja inapropiadamente la conservación de un trabajo de monitoreo durante una consulta a un agente invitado, lo que permite a atacantes causar una denegación de servicio (bloqueo de la API). A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078 https://bugzilla.redhat.com/show_bug.cgi?id=1809740 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=a663a860819287e041c3de672aad1d8543098ecc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5GE6ISYUL3CIWO3FQRUGMKTKP2NYED2 https://security-tracker.debian.org/tracker/CVE-2019-20485 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1730509.html https://access.redhat.com/security/cve/CVE-2019 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo lectura usar la API de la función virDomainSaveImageGetXMLDesc(), especificando una ruta (path) arbitraria a la que se accedería con los permisos del proceso libvirtd. Un atacante con acceso al socket libvirtd podría usar esto para probar la existencia de archivos arbitrarios, causar una denegación de servicio o causar que libvirtd ejecute programas arbitrarios. It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580 https://security.gentoo.org/glsa/202003-18 https://usn.ubuntu.com/4047-2 https://access.redhat.com/security/cve/CVE-2019-10161 https://bugzilla.redhat.com/show_bug.cgi?id=1720115 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. Se encontró una vulnerabilidad en libvirt > = 4.1.0 en las unidades virtlockd-admin. Socket y virtlogd-admin. Socket systemd. • https://access.redhat.com/errata/RHSA-2019:1264 https://access.redhat.com/errata/RHSA-2019:1268 https://access.redhat.com/errata/RHSA-2019:1455 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2 https://security.libvirt.org/2019/0003.html https://usn.ub • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 3

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. Se ha descubierto un error de desreferencia de puntero NULL en libvirt, en versiones anteriores a la 5.0.0, en la forma en la que obtiene información de la interfaz mediante el agente QEMU. Un atacante en una máquina virtual invitada puede emplear este error para provocar el cierre inesperado de libvirtd y provocar una denegación de servicio (DoS). A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html https://access.redhat.com/errata/RHSA-2019:2294 https://bugzilla.redhat.com/show_bug.cgi?id=1663051 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7 https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html https& • CWE-476: NULL Pointer Dereference •