Fedora 29 update for libvirt



| Updated: 2025-04-25
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2019-10161
CVE-2019-10166
CVE-2019-10167
CVE-2019-10168
CVE-2019-3886
CVE-2019-10132
CWE-ID CWE-284
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Fedora
Operating systems & Components / Operating system

libvirt
Operating systems & Components / Operating system package or component

Vendor Fedoraproject

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU18879

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10161

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in libvirtd that allow read-only clients to use the virDomainSaveImageGetXMLDesc() API. A local user with read-only access to the libvirtd socket can confirm presence of arbitrary files on the system, trigger denial of service condition or execute arbitrary applications on the affected system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU32018

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10166

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU32019

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10167

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU32020

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10168

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18847

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-3886

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to the application allows readonly permissions to invoke the APIs depending on the guest agent. A remote non-authenticated attacker can gain access to sensitive information or perform denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18596

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-10132

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a missing SocketMode configuration parameter within the in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A local user can perform administrative tasks against virtlockd and virtlogd daemons.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 29

libvirt: before 4.7.0-5.fc29

CPE2.3 External links

https://bodhi.fedoraproject.org/updates/FEDORA-2019-9210998aaa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###