Note:
This project will be discontinued after December 13, 2021. [more]
2019-08-02
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Products | Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Libvirt, Virtualization |
Type | Missing Authorization (CWE-862) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
First patch | - None (likely due to unavailable code) |
Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167
• https://security.gentoo.org/glsa/202003-18 • https://access.redhat.com/libvirt-privesc-vulnerabilities |