Improper access control in libvirt - CVE-2019-10168
Published: August 2, 2019 / Updated: July 28, 2020
Vulnerability identifier: #VU32020
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-10168
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: libvirt.org
Affected software:
libvirt
libvirt
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
How to mitigate CVE-2019-10168
Install update from vendor's website.