This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Redhat
First view: 2011-05-31
Product: Libvirt
Last view: 2020-10-06
Version: -
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:redhat:libvirt

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
6.7 2020-10-06 CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

6.5 2020-06-02 CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. The flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path, such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.

6.5 2020-04-28 CVE-2020-12430

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.

5.7 2020-03-19 CVE-2019-20485

qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).

7.8 2019-08-02 CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

7.8 2019-08-02 CVE-2019-10167

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

7.8 2019-08-02 CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

8.8 2019-05-22 CVE-2019-10132

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

7.5 2019-04-18 CVE-2016-10746

libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

5.4 2019-04-04 CVE-2019-3886

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

6.3 2019-03-27 CVE-2019-3840

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

6.5 2018-08-22 CVE-2017-2635

A NULL pointer dereference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash the libvirtd daemon, resulting in denial of service.

7.5 2018-03-28 CVE-2018-1064

libvirt versions before 4.2.0-rc1 are vulnerable to resource exhaustion as a result of an incomplete fix for CVE-2018-5748, which affects the QEMU monitor but can now also be triggered via the QEMU guest agent.

7.8 2018-02-23 CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

7.5 2018-01-25 CVE-2018-5748

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

8.1 2017-10-31 CVE-2017-1000256

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

9.8 2016-07-13 CVE-2016-5008

libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

6.5 2016-05-25 CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

2.5 2016-04-11 CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

4 2015-01-06 CVE-2014-8131

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access a domain that the user does not have privileges to access.

2.1 2014-12-19 CVE-2014-8136

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.

2.1 2014-12-19 CVE-2014-8135

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

4.3 2014-12-12 CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.

5 2014-11-13 CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

1.9 2014-05-07 CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

CWE : Common Weakness Enumeration

% id Name
18% (6) CWE-264 Permissions, Privileges, and Access Controls
9% (3) CWE-476 NULL Pointer Dereference
9% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
9% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
6% (2) CWE-362 Race Condition
6% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-20 Improper Input Validation
3% (1) CWE-416 Use After Free
3% (1) CWE-415 Double Free
3% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
3% (1) CWE-399 Resource Management Errors
3% (1) CWE-346 Origin Validation Error
3% (1) CWE-295 Certificate Issues
3% (1) CWE-284 Access Control (Authorization) Issues
3% (1) CWE-255 Credentials Management
3% (1) CWE-254 Security Features
3% (1) CWE-200 Information Exposure
3% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
73668 libvirt src/libvirt.c virDomainGetVcpus() Function Request Parsing Remote Ove...
72643 libvirt libvirtd Multiple Thread Error Reporting Remote DoS

OpenVAS Exploits

id Description
2012-10-19 Name : Fedora Update for libvirt FEDORA-2012-15640
File : nvt/gb_fedora_2012_15640_libvirt_fc16.nasl
2012-10-16 Name : Fedora Update for libvirt FEDORA-2012-15634
File : nvt/gb_fedora_2012_15634_libvirt_fc17.nasl
2012-10-12 Name : CentOS Update for libvirt CESA-2012:1359 centos6
File : nvt/gb_CESA-2012_1359_libvirt_centos6.nasl
2012-10-12 Name : RedHat Update for libvirt RHSA-2012:1359-01
File : nvt/gb_RHSA-2012_1359-01_libvirt.nasl
2012-09-07 Name : Fedora Update for libvirt FEDORA-2012-12523
File : nvt/gb_fedora_2012_12523_libvirt_fc17.nasl
2012-07-30 Name : CentOS Update for libvirt CESA-2011:0478 centos5 x86_64
File : nvt/gb_CESA-2011_0478_libvirt_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libvirt CESA-2011:1019 centos5 x86_64
File : nvt/gb_CESA-2011_1019_libvirt_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for libvirt CESA-2012:0748 centos6
File : nvt/gb_CESA-2012_0748_libvirt_centos6.nasl
2012-07-09 Name : RedHat Update for libvirt RHSA-2011:1197-01
File : nvt/gb_RHSA-2011_1197-01_libvirt.nasl
2012-06-22 Name : RedHat Update for libvirt RHSA-2012:0748-05
File : nvt/gb_RHSA-2012_0748-05_libvirt.nasl
2012-06-06 Name : RedHat Update for libvirt RHSA-2011:0479-01
File : nvt/gb_RHSA-2011_0479-01_libvirt.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201202-07 (libvirt)
File : nvt/glsa_201202_07.nasl
2011-09-23 Name : CentOS Update for libvirt CESA-2011:1019 centos5 i386
File : nvt/gb_CESA-2011_1019_libvirt_centos5_i386.nasl
2011-08-09 Name : CentOS Update for libvirt CESA-2011:0478 centos5 i386
File : nvt/gb_CESA-2011_0478_libvirt_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2280-1 (libvirt)
File : nvt/deb_2280_1.nasl
2011-08-02 Name : Ubuntu Update for libvirt USN-1180-1
File : nvt/gb_ubuntu_USN_1180_1.nasl
2011-07-27 Name : Fedora Update for libvirt FEDORA-2011-9062
File : nvt/gb_fedora_2011_9062_libvirt_fc14.nasl
2011-07-18 Name : Fedora Update for libvirt FEDORA-2011-9091
File : nvt/gb_fedora_2011_9091_libvirt_fc15.nasl
2011-06-20 Name : Ubuntu Update for libvirt USN-1152-1
File : nvt/gb_ubuntu_USN_1152_1.nasl
2011-04-21 Name : Fedora Update for libvirt FEDORA-2011-4870
File : nvt/gb_fedora_2011_4870_libvirt_fc13.nasl
2011-04-19 Name : Fedora Update for libvirt FEDORA-2011-4896
File : nvt/gb_fedora_2011_4896_libvirt_fc14.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1134.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3113.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1253.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1277.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0052.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0129.nasl - Type: ACT_GATHER_INFO
2018-07-26 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1049.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0039.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1197.nasl - Type: ACT_GATHER_INFO
2018-06-22 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1929.nasl - Type: ACT_GATHER_INFO
2018-05-31 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-1396.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-07.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-08.nasl - Type: ACT_GATHER_INFO
2018-03-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1315.nasl - Type: ACT_GATHER_INFO
2018-03-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4137.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b16cdbdc34.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1213.nasl - Type: ACT_GATHER_INFO
2017-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2850-1.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4003.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1052.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1053.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_libvirt_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-12-05 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201612-10.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2577.nasl - Type: ACT_GATHER_INFO