CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 5.4%

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before
4.10.1 and 5.x.x before 5.4.1, accepts an “emulatorbin” argument to specify
the program providing emulation for a domain. Since v1.2.19, libvirt will
execute that program to probe the domain’s capabilities. Read-only clients
could specify an arbitrary path for this argument, causing libvirtd to
execute a crafted executable with its own privileges.
access.redhat.com/libvirt-privesc-vulnerabilities
launchpad.net/bugs/cve/CVE-2019-10167
nvd.nist.gov/vuln/detail/CVE-2019-10167
rhn.redhat.com/errata/RHSA-2019-1579.html
security-tracker.debian.org/tracker/CVE-2019-10167
security.libvirt.org/2019/0006.html
ubuntu.com/security/notices/USN-4047-1
www.cve.org/CVERecord?id=CVE-2019-10167
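
The affected ranges in the description above can be checked against a host inventory. The following is an added example, not code from libvirt or from this advisory; the host names and version strings are constructed, and the comparison uses upstream version numbers only, so a distribution package that backported the fix (see the vendor errata in the links above) can still be reported as affected.

```python
import re

# Fixed releases per affected branch, taken from the description above:
# "4.x.x before 4.10.1 and 5.x.x before 5.4.1".
FIXED_IN = {4: (4, 10, 1), 5: (5, 4, 1)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z triple from a version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for an upstream libvirt version."""
    version = parse_version(text)
    fixed = FIXED_IN.get(version[0])
    if fixed is None:
        # The description only names the 4.x.x and 5.x.x branches.
        return "not-listed"
    return "affected" if version < fixed else "fixed"


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "hv-01": "libvirtd (libvirt) 4.5.0",
    "hv-02": "libvirtd (libvirt) 4.10.1",
    "hv-03": "libvirtd (libvirt) 5.4.0",
    "hv-04": "libvirtd (libvirt) 5.4.1",
    "hv-05": "libvirtd (libvirt) 3.9.0",
    "hv-06": "version unavailable",
}


def triage(inventory):
    """Map each host to its classification; unparsable strings become 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = classify(banner)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```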