CVE-2019-10166

EUVD-2019-2199
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
redhatlibvirt
4.0.0 ≤
𝑥
< 4.10.1
redhatlibvirt
5.0.0 ≤
𝑥
< 5.4.1
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
redhatvirtualization
4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
jessie
not-affected
sid
10.9.0-1
fixed
stretch
not-affected
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
bionic
Fixed 4.0.0-1ubuntu8.12
released
cosmic
Fixed 4.6.0-2ubuntu3.8
released
disco
Fixed 5.0.0-1ubuntu2.4
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/libvirt-privesc-vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
https://security.gentoo.org/glsa/202003-18
https://access.redhat.com/libvirt-privesc-vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
https://security.gentoo.org/glsa/202003-18