Launchpad.net

CVE 2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Related bugs and status

CVE-2019-10161 (Candidate) is related to these bugs:

Bug #1655111: LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory

Summary				In	Importance	Status
	1655111	LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory		libvirt (Ubuntu)	Medium	Fix Released
	1655111	LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory		libvirt (Ubuntu Eoan)	Medium	Fix Released

Bug #1845506: Libvirt snapshot doesn't update apparmor profile

		In	Importance	Status
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt (Ubuntu)	Medium	Fix Released
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt	Undecided	Confirmed
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt (Ubuntu Bionic)	Undecided	Won't Fix

Bug #1848229: [Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available

		In	Importance	Status
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu)	Undecided	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	The Ubuntu-power-systems project	Medium	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Bionic)	Undecided	Won't Fix
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Eoan)	Undecided	Won't Fix
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Focal)	Undecided	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Disco)	Undecided	Won't Fix

Bug #1854653: during shutdown libvirt-guests.sh shouldn't run if libvirtd isn't running

Summary				In	Importance	Status
	1854653	during shutdown libvirt-guests.sh shouldn't run if libvirtd isn't running		libvirt (Ubuntu)	Low	Fix Released

Bug #1858341: rbd driver does not list all volumes in pool

Summary				In	Importance	Status
	1858341	rbd driver does not list all volumes in pool		libvirt (Ubuntu)	High	Fix Released
	1858341	rbd driver does not list all volumes in pool		libvirt (Ubuntu Eoan)	Low	Won't Fix

Bug #1859253: rbd driver fails to create a new volume

Summary				In	Importance	Status
	1859253	rbd driver fails to create a new volume		libvirt (Ubuntu)	High	Fix Released
	1859253	rbd driver fails to create a new volume		libvirt (Ubuntu Eoan)	Low	Won't Fix

Bug #1859506: swtpm fails in focal with apparmor

Summary				In	Importance	Status
	1859506	swtpm fails in focal with apparmor		qemu (Ubuntu)	Undecided	Invalid
	1859506	swtpm fails in focal with apparmor		libvirt (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-10161

Related bugs and status

Related bugs

References