rpm package
opensuse/libvirt&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13193 | Med | 5.5 | < 10.0.0-150600.8.12.1 | 10.0.0-150600.8.12.1 | Nov 17, 2025 | A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability. | |
| CVE-2025-12748 | Med | 5.5 | < 10.0.0-150600.8.12.1 | 10.0.0-150600.8.12.1 | Nov 11, 2025 | A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvir | |
| CVE-2024-4418 | Med | 6.2 | < 10.0.0-150600.8.3.1 | 10.0.0-150600.8.3.1 | May 8, 2024 | A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while |
- affected < 10.0.0-150600.8.12.1fixed 10.0.0-150600.8.12.1
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
- affected < 10.0.0-150600.8.12.1fixed 10.0.0-150600.8.12.1
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvir
- affected < 10.0.0-150600.8.3.1fixed 10.0.0-150600.8.3.1
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while