CVE-2019-10168
Severity
7.8HIGH
EPSS
0.2%
top 54.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 2
Latest updateMay 24
Description
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages7 packages
Also affects: Enterprise Linux 7.0, 8.0, 7.6
🔴Vulnerability Details
3GHSA▶
GHSA-v3hc-v42h-rp66: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4↗2022-05-24
CVEList▶
CVE-2019-10168: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4↗2019-08-02
OSV▶
CVE-2019-10168: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4↗2019-08-02
📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2019-10168 mingw-libvirt: libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs [fedora-all]↗2019-06-20
Bugzilla▶
CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs [fedora-all]↗2019-06-20
Bugzilla▶
CVE-2019-10168 libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs↗2019-06-13