CVE-2019-10167: The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
debian	libvirt	< libvirt 5.0.0-4 (bookworm)	libvirt 5.0.0-4 (bookworm)
libvirt	libvirt	—	—
libvirt	libvirt	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—
redhat	enterprise_linux_workstation	—	—
redhat	libvirt	>= 0 < 5.0.0-4	5.0.0-4
redhat	libvirt	>= 0 < 5.0.0-4	5.0.0-4
redhat	libvirt	>= 0 < 5.0.0-4	5.0.0-4
redhat	libvirt	>= 0 < 5.0.0-4	5.0.0-4
redhat	libvirt	>= 4.0.0 < 4.10.1	4.10.1
redhat	libvirt	>= 5.0.0 < 5.4.1	5.4.1
redhat	virtualization	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH