rpm package
opensuse/libvirt&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.2
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3667 | — | < 6.0.0-lp152.9.15.1 | 6.0.0-lp152.9.15.1 | Mar 2, 2022 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc | ||
| CVE-2021-3631 | — | < 6.0.0-lp152.9.12.1 | 6.0.0-lp152.9.12.1 | Mar 2, 2022 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to | ||
| CVE-2020-14339 | — | < 6.0.0-lp152.9.3.1 | 6.0.0-lp152.9.3.1 | Dec 3, 2020 | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope | ||
| CVE-2020-15708 | — | < 6.0.0-lp152.9.6.2 | 6.0.0-lp152.9.6.2 | Nov 6, 2020 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | ||
| CVE-2020-25637 | — | < 6.0.0-lp152.9.6.2 | 6.0.0-lp152.9.6.2 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w |
- CVE-2021-3667Mar 2, 2022affected < 6.0.0-lp152.9.15.1fixed 6.0.0-lp152.9.15.1
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc
- CVE-2021-3631Mar 2, 2022affected < 6.0.0-lp152.9.12.1fixed 6.0.0-lp152.9.12.1
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to
- CVE-2020-14339Dec 3, 2020affected < 6.0.0-lp152.9.3.1fixed 6.0.0-lp152.9.3.1
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope
- CVE-2020-15708Nov 6, 2020affected < 6.0.0-lp152.9.6.2fixed 6.0.0-lp152.9.6.2
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
- CVE-2020-25637Oct 6, 2020affected < 6.0.0-lp152.9.6.2fixed 6.0.0-lp152.9.6.2
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w