Unrated severityNVD Advisory· Published Apr 4, 2019· Updated Aug 4, 2024

CVE-2019-3886

Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Affected products

osv-coords17 versions
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweed pkg:rpm/suse/libvirt&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/libvirt&distro=SUSE%20OpenStack%20Cloud%207
< 7.7.0-2.1+ 16 more
- (no CPE)range: < 7.7.0-2.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 4.0.0-9.19.4
- (no CPE)range: < 4.0.0-9.19.4
- (no CPE)range: < 1.2.5-23.20.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 2.0.0-27.54.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 3.3.0-5.30.1
- (no CPE)range: < 4.0.0-8.9.1
- (no CPE)range: < 2.0.0-27.54.1
The libvirt Project/libvirtv5
Range: 4.8.0 and above

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.htmlmitrevendor-advisory
access.redhat.com/errata/RHBA-2019:3723mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/mitrevendor-advisory
usn.ubuntu.com/4021-1/mitrevendor-advisory
www.securityfocus.com/bid/107777mitrevdb-entry
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000