Astra Linux - уязвимость в libvirt

qemu/qemudriver.c in libvirt before version 6.0.0 improperly handles the handling of a monitor job during a query to a guest agent. This allows attackers to cause a denial of service API blockage...

KubeVirt Guest Agent DoS via Excessive Network Interface Reports

A flaw was found in KubeVirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

CVE-2025-14525

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

CVE-2025-14525

Summary: CVE-2025-14525 describes a denial-of-service flaw in kubevirt where a VM user with an active guest agent can cause the agent to report an excessive number of network interfaces. This overloads the system’s ability to record VM configuration updates, effectively blocking changes to the Vi...

EUVD-2025-206339

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

CVE-2025-14525

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

PT-2026-4806

Name of the Vulnerable Software and Affected Versions kubevirt affected versions not specified Description A flaw exists in kubevirt where a user inside a virtual machine VM, with an active guest agent, can trigger a denial of service. By reporting an excessive number of network interfaces, the...

EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2887)

According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...

OESA-2023-1476 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to...

libvirt bug fix and enhancement update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvirt library contains a C API for managing and interacting with the...

CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system...

Design/Logic Flaw

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system...

CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system...

CVE-2023-0664

CVE-2023-0664 describes a local privilege-escalation flaw in the Windows component of the QEMU Guest Agent. An unprivileged user can abuse the QEMU Guest Agent’s Windows installer via repair custom actions to elevate privileges. The NVD score is 7.8 ( HIGH ); attack vector: LOCAL, no user interac...

CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system...

SUSE CVE-2013-4154

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service NULL pointer dereference and crash via vectors related to "agent based cpu unplug," as demonstrated by the "virsh vcpucount foobar --guest" command...

SUSE CVE-2018-1064

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent...

SUSE CVE-2019-3886

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block...

SUSE CVE-2019-20485

qemu/qemudriver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service API blockage...

DEBIAN-CVE-2020-10701

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...