CVE-2019-3886

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.4 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| redhat | CNA | 5.4 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| CVE | ADP | --- | | | | --- |

EPSS percentile: 65%

| Vendor | Product | Version |
|---|---|---|
| redhat | libvirt | 4.8.0 ≤ 𝑥 < 5.3.0 |
| opensuse | leap | 42.3 |

𝑥 = Vulnerable software versions

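Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libvirt | bullseye | 7.0.0-3+deb11u3 | fixed |
| libvirt | stretch | | not-affected |
| libvirt | jessie | | not-affected |
| libvirt | bookworm | 9.0.0-4+deb12u1 | fixed |
| libvirt | sid | 10.9.0-1 | fixed |
| libvirt | trixie | 10.9.0-1 | fixed |
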
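Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| libvirt | hirsute | Fixed 5.4.0-0ubuntu1 | released |
| libvirt | groovy | Fixed 5.4.0-0ubuntu1 | released |
| libvirt | focal | Fixed 5.4.0-0ubuntu1 | released |
| libvirt | eoan | Fixed 5.4.0-0ubuntu1 | released |
| libvirt | disco | Fixed 5.0.0-1ubuntu2.3 | released |
| libvirt | cosmic | | not-affected |
| libvirt | bionic | | not-affected |
| libvirt | xenial | | not-affected |
| libvirt | trusty | | not-affected |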