Design/Logic Flaw

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

Design/Logic Flaw

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

UBUNTU-CVE-2021-3667

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

UBUNTU-CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3631

CVE-2021-3631 affects libvirt: flaw in SELinux MCS category pair generation for VM dynamic labels allows a guest to access files labeled for another guest, breaking sVirt confinement and impacting confidentiality/integrity. Connected advisories confirm libvirt remediation via package upgrades (no...

CVE-2021-3667

CVE-2021-3667 affects libvirt, in particular the virStoragePoolLookupByTargetPath API where a locked virStoragePoolObj is not released on ACL permission failure. This can let clients with limited ACLs on the read-write socket acquire the lock and cause denial of service to storage pool/volume API...

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

SUSE SLES15: libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc (SUSE-SU-2022:0045-2)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0045-2 advisory. - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. bsc1194041 - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF...

SUSE-SU-2022:0045-2 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. bsc1194041 - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. bsc1192876...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:1064)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1064 advisory. QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in AlmaLinux CVE-2021-20295 Tenable has extracted the preceding description block directly from the...

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2020:4676)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4676 advisory. libvirt: leak of /dev/mapper/control into QEMU guests CVE-2020-14339 QEMU: Slirp: use-after-free during packet reassembly CVE-2019-15890 libvirt: Potentia...

openSUSE: Security Advisory for libvirt (openSUSE-SU-2022:0021-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

rhel bug fix update

An update is available for libguestfs, libnbd, nbdkit, libguestfs-winsupport, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a...

Mageia: Security Advisory (MGASA-2015-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...