Libvirt Red Hat Libvirt

stack.watch can notify you when security vulnerabilities are reported in Red Hat Libvirt. You can add multiple products that you use with Libvirt to create your own personal software stack watcher.

By the Year

In 2020 there have been 3 vulnerabilities in Red Hat Libvirt with an average score of 6.2 out of ten. Last year Libvirt had 6 security vulnerabilities published. Right now, Libvirt is on track to have less security vulerabilities in 2020 than it did last year. Last year, the average CVE base score was greater by 1.08

Year Vulnerabilities Average Score
2020 3 6.23
2019 6 7.32
2018 3 7.60

It may take a day or so for new Libvirt vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Red Hat Libvirt Security Vulnerabilities

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0

CVE-2020-10703 6.5 - Medium - June 02, 2020

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

NULL Pointer Dereference

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0

CVE-2020-12430 6.5 - Medium - April 28, 2020

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

Memory Leak

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which

CVE-2019-20485 5.7 - Medium - March 19, 2020

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

Improper Input Validation

It was discovered that libvirtd

CVE-2019-10166 7.8 - High - August 02, 2019

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Authorization

The virConnectGetDomainCapabilities() libvirt API

CVE-2019-10167 7.8 - High - August 02, 2019

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Authorization

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs

CVE-2019-10168 7.8 - High - August 02, 2019

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Authorization

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons

CVE-2019-10132 8.8 - High - May 22, 2019

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

Permissions, Privileges, and Access Controls

An incorrect permissions check was discovered in libvirt 4.8.0 and above

CVE-2019-3886 5.4 - Medium - April 04, 2019

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Information Leak

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service

CVE-2019-3840 6.3 - Medium - March 27, 2019

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

NULL Pointer Dereference

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered

CVE-2018-1064 7.5 - High - March 28, 2018

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

Uncontrolled Resource Consumption ('Resource Exhaustion')

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which

CVE-2018-6764 7.8 - High - February 23, 2018

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

Origin Validation Error

qemu/qemu_monitor.c in libvirt

CVE-2018-5748 7.5 - High - January 25, 2018

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

Uncontrolled Resource Consumption ('Resource Exhaustion')