rpm package
almalinux/libvirt-admin
pkg:rpm/almalinux/libvirt-admin
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20257 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re | ||
| CVE-2021-3667 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Mar 2, 2022 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc | ||
| CVE-2021-3631 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Mar 2, 2022 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to | ||
| CVE-2021-3930 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Feb 18, 2022 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d | ||
| CVE-2021-3595 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3593 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3592 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2020-14301 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | May 27, 2021 | An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configurat | ||
| CVE-2020-35517 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Jan 28, 2021 | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | ||
| CVE-2020-14339 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Dec 3, 2020 | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope | ||
| CVE-2020-15859 | — | < 6.0.0-37.module_el8.5.0+2608+72063365 | 6.0.0-37.module_el8.5.0+2608+72063365 | Jul 21, 2020 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | ||
| CVE-2020-10703 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Jun 2, 2020 | A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo | ||
| CVE-2020-1983 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Apr 22, 2020 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | ||
| CVE-2019-20485 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Mar 19, 2020 | qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | ||
| CVE-2019-15890 | — | < 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | 6.0.0-28.module_el8.3.0+2048+e7a0a3ea | Sep 6, 2019 | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. |
- CVE-2021-20257Mar 16, 2022affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
- CVE-2021-3667Mar 2, 2022affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
- CVE-2021-3631Mar 2, 2022affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
- CVE-2021-3930Feb 18, 2022affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
- CVE-2021-3595Jun 15, 2021affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3593Jun 15, 2021affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun
- CVE-2021-3592Jun 15, 2021affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2020-14301May 27, 2021affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configurat
- CVE-2020-35517Jan 28, 2021affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
- CVE-2020-14339Dec 3, 2020affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope
- CVE-2020-15859Jul 21, 2020affected < 6.0.0-37.module_el8.5.0+2608+72063365fixed 6.0.0-37.module_el8.5.0+2608+72063365
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
- CVE-2020-10703Jun 2, 2020affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as netwo
- CVE-2020-1983Apr 22, 2020affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
- CVE-2019-20485Mar 19, 2020affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
- CVE-2019-15890Sep 6, 2019affected < 6.0.0-28.module_el8.3.0+2048+e7a0a3eafixed 6.0.0-28.module_el8.3.0+2048+e7a0a3ea
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.