Redhat Libvirt vulnerabilities

67 known vulnerabilities affecting redhat/libvirt.

Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 44, LOW 11

Vulnerabilities

Page 1 of 4
CVE-2024-8235 | MEDIUM | CVSS 6.2 | ≥ 10.4.0, < 10.7.0 | 2024-08-30
CVE-2024-8235 [MEDIUM] CWE-476: A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read
nvd
CVE-2024-2496 | MEDIUM | CVSS 5.5 | fixed in 9.8.0 | 2024-03-18
CVE-2024-2496 [MEDIUM] CWE-476: A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
nvd
CVE-2023-2700 | MEDIUM | CVSS 5.5 | v4.5.0 | 2023-05-15
CVE-2023-2700 [MEDIUM] CWE-401: A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
nvd
CVE-2021-3975 | MEDIUM | CVSS 6.5 | fixed in 7.1.0 | 2022-08-23
CVE-2021-3975 [MEDIUM] CWE-416: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection co
nvd
CVE-2022-0897 | MEDIUM | CVSS 4.3 | ≤ 1.1.1 | 2022-03-25
CVE-2022-0897 [MEDIUM] CWE-667: A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit thi
nvd
CVE-2021-4147 | MEDIUM | CVSS 6.5 | fixed in 2.33.0 | 2022-03-25
CVE-2021-4147 [MEDIUM] CWE-667: A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
nvd
CVE-2021-3667 | MEDIUM | CVSS 6.5 | ≥ 4.1.0, ≤ 7.5.0 | 2022-03-02
CVE-2021-3667 [MEDIUM] CWE-667: An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock
nvd
CVE-2021-3631 | MEDIUM | CVSS 6.3 | fixed in 7.5.0 | 2022-03-02
CVE-2021-3631 [MEDIUM] CWE-732: A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
nvd
CVE-2020-10701 | MEDIUM | CVSS 6.5 | fixed in 6.2.0 | 2021-05-27
CVE-2020-10701 [MEDIUM] CWE-862: A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the ag
nvd
CVE-2020-14301 | MEDIUM | CVSS 6.5 | ≥ 6.2.0, < 6.3.0 | 2021-05-27
CVE-2020-14301 [MEDIUM] CWE-212: An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
nvd
CVE-2021-3559 | MEDIUM | CVSS 6.5 | ≥ 6.10.0, < 7.0.0 | 2021-05-24
CVE-2021-3559 [MEDIUM] CWE-119: A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The
nvd
CVE-2020-14339 | HIGH | CVSS 8.8 | ≥ 6.2.0, < 6.7.0 | 2020-12-03
CVE-2020-14339 [HIGH] CWE-772: A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing seriou
nvd
CVE-2020-25637 | MEDIUM | CVSS 6.7 | fixed in 6.8.0 | 2020-10-06
CVE-2020-25637 [MEDIUM] CWE-415: A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash t
nvd
CVE-2020-10703 | MEDIUM | CVSS 6.5 | ≥ 3.10.0, < 6.0.0 | 2020-06-02
CVE-2020-10703 [MEDIUM] CWE-476: A NULL pointer dereference, introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0, was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-onl
nvd
CVE-2020-12430 | MEDIUM | CVSS 6.5 | ≥ 4.10.0, < 6.1.0 | 2020-04-28
CVE-2020-12430 [MEDIUM] CWE-401: An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak
nvd
CVE-2019-20485 | MEDIUM | CVSS 5.7 | fixed in 6.0.0 | 2020-03-19
CVE-2019-20485 [MEDIUM] CWE-20: qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
nvd
CVE-2019-10166 | HIGH | CVSS 7.8 | ≥ 4.0.0, < 4.10.1; ≥ 5.0.0, < 5.4.1 | 2019-08-02
CVE-2019-10166 [HIGH] CWE-284: It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would
nvd
CVE-2019-10167 | HIGH | CVSS 7.8 | ≥ 4.0.0, < 4.10.1; ≥ 5.0.0, < 5.4.1 | 2019-08-02
CVE-2019-10167 [HIGH] CWE-250: The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, caus
nvd
CVE-2019-10168 | HIGH | CVSS 7.8 | ≥ 4.0.0, < 4.10.1; ≥ 5.0.0, < 5.4.1 | 2019-08-02
CVE-2019-10168 [HIGH] CWE-250: The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary pat
nvd
CVE-2019-10161 | HIGH | CVSS 7.8 | fixed in 4.10.1; ≥ 5.0.0, < 5.4.1 | 2019-07-30
CVE-2019-10161 [HIGH] CWE-284: It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause
nvd