Unrated severityNVD Advisory· Published Apr 4, 2019· Updated Aug 4, 2024
CVE-2019-3886
CVE-2019-3886
Description
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18- osv-coords17 versionspkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvirt&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/libvirt&distro=SUSE%20OpenStack%20Cloud%207
< 7.7.0-2.1+ 16 more
- (no CPE)range: < 7.7.0-2.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 4.0.0-9.19.4
- (no CPE)range: < 4.0.0-9.19.4
- (no CPE)range: < 1.2.5-23.20.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 2.0.0-27.54.1
- The libvirt Project/libvirtv5Range: 4.8.0 and above
Patches
Vulnerability mechanics
References
7- lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.htmlmitrevendor-advisory
- access.redhat.com/errata/RHBA-2019:3723mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/mitrevendor-advisory
- usn.ubuntu.com/4021-1/mitrevendor-advisory
- www.securityfocus.com/bid/107777mitrevdb-entry
- bugzilla.redhat.com/show_bug.cgimitre
News mentions
0No linked articles in our index yet.