Libvirt Security Vulnerabilities and Issues — Page 2 of Libvirt CVE List

Lucene search

RedhatLibvirt

73 matches found

CVE•added 2012/11/19 12:10 p.m.•65 views

CVE-2012-4423

The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.

5CVSS6.3AI score0.0287EPSS

CVE•added 2014/01/07 7:55 p.m.•65 views

CVE-2013-6436

The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown s...

2.1CVSS7.7AI score0.00068EPSS

CVE•added 2014/01/24 6:55 p.m.•64 views

CVE-2014-0028

libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the...

4.3CVSS8.1AI score0.00104EPSS

CVE•added 2018/08/22 9:29 p.m.•64 views

CVE-2017-2635

A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.

7.7CVSS7.3AI score0.00322EPSS

CVE•added 2016/04/14 3:59 p.m.•62 views

CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

6.5CVSS7.1AI score0.0039EPSS

CVE•added 2013/09/30 9:55 p.m.•60 views

CVE-2013-4292

libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.

2.1CVSS7.7AI score0.00068EPSS

CVE•added 2013/12/09 4:36 p.m.•60 views

CVE-2013-4400

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.

7.2CVSS8.3AI score0.00053EPSS

CVE•added 2012/06/17 3:41 a.m.•59 views

CVE-2012-2693

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

3.7CVSS6.1AI score0.00059EPSS

CVE•added 2012/08/07 9:55 p.m.•59 views

CVE-2012-3445

The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds rea...

3.5CVSS6.3AI score0.01323EPSS

CVE•added 2013/11/02 6:55 p.m.•59 views

CVE-2013-4401

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from...

8.5CVSS8.6AI score0.01463EPSS

CVE•added 2014/12/19 3:59 p.m.•59 views

CVE-2014-8135

The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.

2.1CVSS7.6AI score0.00158EPSS

CVE•added 2013/09/30 9:55 p.m.•58 views

CVE-2013-4153

Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

5CVSS6.2AI score0.00642EPSS

CVE•added 2013/03/20 3:55 p.m.•57 views

CVE-2013-1766

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

3.6CVSS6.2AI score0.00056EPSS

CVE•added 2013/09/30 9:55 p.m.•56 views

CVE-2013-4297

The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.

4CVSS7.7AI score0.0058EPSS

CVE•added 2013/09/30 9:55 p.m.•56 views

CVE-2013-5651

The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.

5CVSS7.8AI score0.00639EPSS

CVE•added 2014/05/07 10:55 a.m.•56 views

CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called ...

1.9CVSS7.7AI score0.00068EPSS

CVE•added 2014/12/12 3:59 p.m.•55 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

4.3CVSS8AI score0.00677EPSS

CVE•added 2013/09/30 9:55 p.m.•54 views

CVE-2013-2230

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

4CVSS5.9AI score0.0058EPSS

CVE•added 2015/01/06 3:59 p.m.•54 views

CVE-2014-8131

The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access ...

4CVSS7.8AI score0.00321EPSS

CVE•added 2013/09/30 9:55 p.m.•53 views

CVE-2013-4239

The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.

4CVSS7.8AI score0.0058EPSS

CVE•added 2013/09/30 9:55 p.m.•52 views

CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

6.9CVSS8.1AI score0.00046EPSS

CVE•added 2013/09/30 9:55 p.m.•51 views

CVE-2013-2218

Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --i...

5CVSS6.2AI score0.10811EPSS

CVE•added 2013/09/30 9:55 p.m.•51 views

CVE-2013-4154

The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

4.3CVSS6.1AI score0.00731EPSS

Total number of security vulnerabilities73