21 matches found
EUVD-2016-1741
Malware in sbrugna...
SUSE CVE-2016-10746
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886...
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2021-3975
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down...
Authorization
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this...
CVE-2021-3559
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices e.g., GRID driver. This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt...
CVE-2021-3556
A flaw was found in libvirt in the virConnectListAllNodeDevices API. It only affects hosts with a PCI device and driver that supports mediated devices ex., GRID driver. This flaw allows an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list'...
CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. The flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...
Privilege Escalation
libvirt is vulnerable to privilege escalation. The vulnerability exists as it was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands...
libvirt: dumpxml: information leak with migratable flag
It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...
libvirt: domain_conf: domain deadlock DoS
A denial of service flaw was found in the way libvirt's virConnectListAllDomains function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive...
libvirt security update
CentOS Errata and Security Advisory CESA-2014:1352 Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
libvirt: domain_conf: domain deadlock DoS
A denial of service flaw was found in the way libvirt's virConnectListAllDomains function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive...
Updated libvirt packages fix security vulnerability
It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130516)
It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd...
RedHat Update for libvirt RHSA-2012:1202-01
The remote host is missing an update for the...
Scientific Linux Security Update : libvirt on SL5.x i386/x86_64
It was found that several libvirt API calls did not honor the read-only permission for connections. A local attacker able to establish a read-only connection to libvirtd on a server could use this flaw to execute commands that should be restricted to read-write connections, possibly leading to a...
CentOS Update for libvirt CESA-2011:0391 centos5 x86_64
Check for the Version of libvirt...
RHEL 5 / 6 : libvirt (RHSA-2011:0391)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0391 advisory. - libvirt: several API calls do not honour read-only connection CVE-2011-1146 Note that Nessus has not tested for this issue but has instead reli...
SuSE 10 Security Update : libvirt (ZYPP Patch Number 5869)
libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication. CVE-2008-5086