rpm package
suse/libvirt&distro=SUSE Linux Enterprise Server 12 SP3-LTSS
pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3975 | — | < 3.3.0-5.49.1 | 3.3.0-5.49.1 | Aug 23, 2022 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues | ||
| CVE-2021-4147 | — | < 3.3.0-5.49.1 | 3.3.0-5.49.1 | Mar 25, 2022 | A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | ||
| CVE-2020-15708 | — | < 3.3.0-5.46.1 | 3.3.0-5.46.1 | Nov 6, 2020 | Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | ||
| CVE-2020-25637 | — | < 3.3.0-5.46.1 | 3.3.0-5.46.1 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w | ||
| CVE-2019-10167 | — | < 3.3.0-5.40.1 | 3.3.0-5.40.1 | Aug 2, 2019 | The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. | ||
| CVE-2019-10161 | — | < 3.3.0-5.40.1 | 3.3.0-5.40.1 | Jul 30, 2019 | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt |
- CVE-2021-3975Aug 23, 2022affected < 3.3.0-5.49.1fixed 3.3.0-5.49.1
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
- CVE-2021-4147Mar 25, 2022affected < 3.3.0-5.49.1fixed 3.3.0-5.49.1
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
- CVE-2020-15708Nov 6, 2020affected < 3.3.0-5.46.1fixed 3.3.0-5.46.1
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
- CVE-2020-25637Oct 6, 2020affected < 3.3.0-5.46.1fixed 3.3.0-5.46.1
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w
- CVE-2019-10167Aug 2, 2019affected < 3.3.0-5.40.1fixed 3.3.0-5.40.1
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities.
- CVE-2019-10161Jul 30, 2019affected < 3.3.0-5.40.1fixed 3.3.0-5.40.1
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirt