CVE-2019-3886

EUVD-2019-13496
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
redhatCNA
5.4 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
redhatlibvirt
4.8.0 ≤
𝑥
< 5.3.0
opensuseleap
42.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
jessie
not-affected
sid
10.9.0-1
fixed
stretch
not-affected
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
bionic
not-affected
cosmic
not-affected
disco
Fixed 5.0.0-1ubuntu2.3
released
eoan
Fixed 5.4.0-0ubuntu1
released
focal
Fixed 5.4.0-0ubuntu1
released
groovy
Fixed 5.4.0-0ubuntu1
released
hirsute
Fixed 5.4.0-0ubuntu1
released
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
http://www.securityfocus.com/bid/107777
https://access.redhat.com/errata/RHBA-2019:3723
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
https://usn.ubuntu.com/4021-1/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
http://www.securityfocus.com/bid/107777
https://access.redhat.com/errata/RHBA-2019:3723
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
https://usn.ubuntu.com/4021-1/