CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
redhatlibvirt
4.0.0 ≤
𝑥
< 4.10.1
redhatlibvirt
5.0.0 ≤
𝑥
< 5.4.1
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
redhatvirtualization
4.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bullseye
7.0.0-3+deb11u3
fixed
stretch
not-affected
jessie
not-affected
bookworm
9.0.0-4+deb12u1
fixed
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
disco
Fixed 5.0.0-1ubuntu2.4
released
cosmic
Fixed 4.6.0-2ubuntu3.8
released
bionic
Fixed 4.0.0-1ubuntu8.12
released
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/libvirt-privesc-vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
https://security.gentoo.org/glsa/202003-18
https://access.redhat.com/libvirt-privesc-vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166
https://security.gentoo.org/glsa/202003-18