CVE-2019-10161

Published: 20 June 2019

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	bionic	Released (4.0.0-1ubuntu8.12)
	cosmic	Released (4.6.0-2ubuntu3.8)
	disco	Released (5.0.0-1ubuntu2.4)
	eoan	Released (5.4.0-0ubuntu3)
	focal	Released (5.4.0-0ubuntu3)
	groovy	Released (5.4.0-0ubuntu3)
	hirsute	Released (5.4.0-0ubuntu3)
	trusty	Released (1.2.2-0ubuntu13.1.28+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needs triage
	xenial	Released (1.3.1-1ubuntu10.27)
	Patches: upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=6aa0c85be9f840a32fcec282185b5ed2513a3aa5 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=a27659643b8ae9b26b52fc857cdc5b301184e26e upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f8129c5db3952a57900b8cd1d94e629068e6aa5 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=980109c41c8bb55fd105809f2e063667721feaea

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›