Total
69 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3672 | 2 Redhat, Xen | 2 Libvirt, Xen | 2023-02-12 | 2.1 LOW | 6.5 MEDIUM |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | |||||
CVE-2014-0179 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2023-02-12 | 1.9 LOW | N/A |
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. | |||||
CVE-2013-6436 | 1 Redhat | 1 Libvirt | 2023-02-12 | 2.1 LOW | N/A |
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. | |||||
CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2023-02-12 | 5.8 MEDIUM | N/A |
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | |||||
CVE-2013-4296 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2023-02-12 | 4.0 MEDIUM | N/A |
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. | |||||
CVE-2012-4423 | 1 Redhat | 1 Libvirt | 2023-02-12 | 5.0 MEDIUM | N/A |
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table. | |||||
CVE-2021-3667 | 2 Netapp, Redhat | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt | 2023-02-12 | 3.5 LOW | 6.5 MEDIUM |
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | |||||
CVE-2019-3886 | 3 Fedoraproject, Opensuse, Redhat | 3 Fedora, Leap, Libvirt | 2023-02-12 | 4.8 MEDIUM | 5.4 MEDIUM |
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | |||||
CVE-2019-10132 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2023-02-12 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. | |||||
CVE-2016-5008 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-02-12 | 4.3 MEDIUM | 9.8 CRITICAL |
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |||||
CVE-2015-0236 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2023-02-12 | 3.5 LOW | N/A |
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | |||||
CVE-2021-3975 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2023-02-03 | N/A | 6.5 MEDIUM |
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | |||||
CVE-2019-20485 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, Fedora, Libvirt | 2023-02-03 | 2.7 LOW | 5.7 MEDIUM |
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | |||||
CVE-2020-14339 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2022-11-07 | 7.2 HIGH | 8.8 HIGH |
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2020-25637 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2022-11-07 | 7.2 HIGH | 6.7 MEDIUM |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-10-27 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
CVE-2021-3631 | 2 Netapp, Redhat | 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more | 2022-10-16 | 3.3 LOW | 6.3 MEDIUM |
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
CVE-2021-4147 | 3 Fedoraproject, Netapp, Redhat | 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt | 2022-09-29 | 4.9 MEDIUM | 6.5 MEDIUM |
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | |||||
CVE-2020-14301 | 2 Netapp, Redhat | 13 Ontap Select Deploy Administration Utility, Codeready Linux Builder, Enterprise Linux and 10 more | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | |||||
CVE-2020-10701 | 1 Redhat | 1 Libvirt | 2022-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0. |