Redhat Libvirt vulnerabilities

CVE-2019-10132 [HIGH] CWE-732 CVE-2019-10132: A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socke A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

CVE-2016-10746 [HIGH] CWE-254 CVE-2016-10746: libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

CVE-2019-3886 [MEDIUM] CWE-862 CVE-2019-3886: An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission wa An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

CVE-2019-3840 [MEDIUM] CWE-476 CVE-2019-3840: A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets in A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

CVE-2017-2635 [HIGH] CWE-476 CVE-2017-2635: A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.

CVE-2018-1064 [HIGH] CWE-400 CVE-2018-1064: libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

CVE-2017-1000256 [HIGH] CWE-295 CVE-2017-1000256: libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" pas libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

CVE-2016-5008 [CRITICAL] CWE-284 CVE-2016-5008: libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

CVE-2014-3672 [MEDIUM] CWE-400 CVE-2014-3672: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denia The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

CVE-2015-5247 [MEDIUM] CWE-284 CVE-2015-5247: The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users wi The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

CVE-2011-4600 [MEDIUM] CWE-284 CVE-2011-4600: The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

CVE-2015-0236 [LOW] CWE-200 CVE-2015-0236: libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_D libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

CVE-2014-8131 [MEDIUM] CWE-264 CVE-2014-8131: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly ha The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

CVE-2013-4399 [MEDIUM] CVE-2013-4399: The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, do The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.

CVE-2014-7823 [MEDIUM] CWE-255 CVE-2014-7823: The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

CVE-2014-0179 [LOW] CWE-20 CVE-2014-0179: libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this is

CVE-2014-5177 [LOW] CVE-2014-5177: libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStora

CVE-2013-7336 [LOW] CVE-2013-7336: The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not pro The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus functi

CVE-2013-6456 [MEDIUM] CWE-59 CVE-2013-6456: The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete ar The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shut

CVE-2013-6458 [MEDIUM] CWE-362 CVE-2013-6458: Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlo Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags comma