CVE-2019-10161
Published: 20 June 2019
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
bionic |
Released
(4.0.0-1ubuntu8.12)
|
cosmic |
Released
(4.6.0-2ubuntu3.8)
|
|
disco |
Released
(5.0.0-1ubuntu2.4)
|
|
eoan |
Released
(5.4.0-0ubuntu3)
|
|
focal |
Released
(5.4.0-0ubuntu3)
|
|
groovy |
Released
(5.4.0-0ubuntu3)
|
|
hirsute |
Released
(5.4.0-0ubuntu3)
|
|
trusty |
Released
(1.2.2-0ubuntu13.1.28+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needs triage
|
|
xenial |
Released
(1.3.1-1ubuntu10.27)
|
|
Patches: upstream: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=6aa0c85be9f840a32fcec282185b5ed2513a3aa5 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=a27659643b8ae9b26b52fc857cdc5b301184e26e upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f8129c5db3952a57900b8cd1d94e629068e6aa5 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=980109c41c8bb55fd105809f2e063667721feaea |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://rhn.redhat.com/errata/RHSA-2019-1578.html
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://security.libvirt.org/2019/0004.html
- https://ubuntu.com/security/notices/USN-4047-1
- https://ubuntu.com/security/notices/USN-4047-2
- https://www.cve.org/CVERecord?id=CVE-2019-10161
- NVD
- Launchpad
- Debian