Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Libvirt
Total 72 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0897 2 Netapp, Redhat 2 Ontap Select Deploy Administration Utility, Libvirt 2024-04-01 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
CVE-2021-4147 2 Fedoraproject, Redhat 2 Fedora, Libvirt 2024-04-01 4.9 MEDIUM 6.5 MEDIUM
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
CVE-2021-3975 4 Canonical, Debian, Fedoraproject and 1 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2024-04-01 N/A 6.5 MEDIUM
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2021-3667 2 Netapp, Redhat 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt 2024-04-01 3.5 LOW 6.5 MEDIUM
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2021-3631 2 Netapp, Redhat 4 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt and 1 more 2024-04-01 3.3 LOW 6.3 MEDIUM
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2020-25637 2 Opensuse, Redhat 2 Leap, Libvirt 2024-04-01 7.2 HIGH 6.7 MEDIUM
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-12430 1 Redhat 2 Enterprise Linux, Libvirt 2024-04-01 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
CVE-2020-10703 1 Redhat 1 Libvirt 2024-04-01 4.0 MEDIUM 6.5 MEDIUM
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
CVE-2023-2700 2 Fedoraproject, Redhat 3 Fedora, Enterprise Linux, Libvirt 2024-02-11 N/A 5.5 MEDIUM
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
CVE-2020-10701 1 Redhat 1 Libvirt 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.
CVE-2020-14301 2 Netapp, Redhat 13 Ontap Select Deploy Administration Utility, Codeready Linux Builder, Enterprise Linux and 10 more 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
CVE-2021-3559 2 Netapp, Redhat 2 Ontap Select Deploy Administration Utility, Libvirt 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability.
CVE-2020-14339 1 Redhat 2 Enterprise Linux, Libvirt 2024-02-04 7.2 HIGH 8.8 HIGH
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2019-20485 2 Debian, Redhat 2 Debian Linux, Libvirt 2024-02-04 2.7 LOW 5.7 MEDIUM
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2019-3886 3 Fedoraproject, Opensuse, Redhat 3 Fedora, Leap, Libvirt 2024-02-04 4.8 MEDIUM 5.4 MEDIUM
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
CVE-2019-10167 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10161 2 Canonical, Redhat 5 Ubuntu Linux, Enterprise Linux, Libvirt and 2 more 2024-02-04 7.2 HIGH 7.8 HIGH
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVE-2019-10166 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
CVE-2019-10132 2 Fedoraproject, Redhat 2 Fedora, Libvirt 2024-02-04 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
CVE-2019-10168 1 Redhat 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more 2024-02-04 4.6 MEDIUM 7.8 HIGH
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.