Vulnerabilities > CVE-2019-3840 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1724.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-22 plugin id 126852 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126852 title EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(126852); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2019-10161", "CVE-2019-10167", "CVE-2019-3840" ); script_name(english:"EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1724 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d1920901"); script_set_attribute(attribute:"solution", value: "Update the affected libvirt packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libvirt-2.0.0-10.10.h3", "libvirt-client-2.0.0-10.10.h3", "libvirt-daemon-2.0.0-10.10.h3", "libvirt-daemon-config-network-2.0.0-10.10.h3", "libvirt-daemon-config-nwfilter-2.0.0-10.10.h3", "libvirt-daemon-driver-interface-2.0.0-10.10.h3", "libvirt-daemon-driver-lxc-2.0.0-10.10.h3", "libvirt-daemon-driver-network-2.0.0-10.10.h3", "libvirt-daemon-driver-nodedev-2.0.0-10.10.h3", "libvirt-daemon-driver-nwfilter-2.0.0-10.10.h3", "libvirt-daemon-driver-qemu-2.0.0-10.10.h3", "libvirt-daemon-driver-secret-2.0.0-10.10.h3", "libvirt-daemon-driver-storage-2.0.0-10.10.h3", "libvirt-daemon-kvm-2.0.0-10.10.h3"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2294.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128386 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128386 title CentOS 7 : libvirt (CESA-2019:2294) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:2294 and # CentOS Errata and Security Advisory 2019:2294 respectively. # include("compat.inc"); if (description) { script_id(128386); script_version("1.3"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2019-3840"); script_xref(name:"RHSA", value:"2019:2294"); script_name(english:"CentOS 7 : libvirt (CESA-2019:2294)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005972.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6a3a9f8f" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3840"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-admin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-disk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-gluster"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-iscsi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-logical"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-mpath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-rbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage-scsi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-admin-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-bash-completion-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-client-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-config-network-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-gluster-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-kvm-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-lxc-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-devel-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-docs-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-libs-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-lock-sanlock-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-login-shell-4.5.0-23.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-nss-4.5.0-23.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2294.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127708 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127708 title RHEL 7 : libvirt (RHSA-2019:2294) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1288.NASL description This update for libvirt provides the following fixes : Security issue fixed : - CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues addressed : - apparmor: reintroduce upstream lxc mount rules (bsc#1130129). - hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642). - supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667). - libxl: support Xen last seen 2020-06-01 modified 2020-06-02 plugin id 124359 published 2019-04-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124359 title openSUSE Security Update : libvirt (openSUSE-2019-1288) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1361.NASL description A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. (CVE-2019-3840) last seen 2020-06-01 modified 2020-06-02 plugin id 131029 published 2019-11-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131029 title Amazon Linux 2 : libvirt (ALAS-2019-1361) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0936-1.NASL description This update for libvirt provides the following fixes : Security issue fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues addressed: apparmor: reintroduce upstream lxc mount rules (bsc#1130129). hook: encode incoming XML to UTF-8 before passing to lxml etree from string method (bsc#1123642). supportconfig: collect rotated logs in /var/log/libvirt/* (bsc#1124667). libxl: support Xen last seen 2020-06-01 modified 2020-06-02 plugin id 124055 published 2019-04-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124055 title SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:0936-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1294.NASL description This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issue addressed : - cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955) - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: support Xen last seen 2020-06-01 modified 2020-06-02 plugin id 124402 published 2019-04-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124402 title openSUSE Security Update : libvirt (openSUSE-2019-1294) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1684.NASL description According to the version of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-02 plugin id 126425 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126425 title EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1684) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0948-1.NASL description This update for libvirt fixes the following issues : Security issue fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issues addressed: libxl: support Xen last seen 2020-06-01 modified 2020-06-02 plugin id 124082 published 2019-04-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124082 title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:0948-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3909-1.NASL description It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122868 published 2019-03-15 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122868 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : libvirt vulnerability (USN-3909-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0237_LIBVIRT.NASL description An update of the libvirt package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126198 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126198 title Photon OS 1.0: Libvirt PHSA-2019-1.0-0237 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1367.NASL description According to the version of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124745 published 2019-05-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124745 title EulerOS Virtualization 2.5.3 : libvirt (EulerOS-SA-2019-1367) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0553-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues fixed: libxl: save current memory value after successful balloon (bsc#1120813). spec: Don last seen 2020-06-01 modified 2020-06-02 plugin id 123780 published 2019-04-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123780 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:0553-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1653.NASL description According to the version of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-06-27 plugin id 126280 published 2019-06-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126280 title EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2019-1653) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2020.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129213 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129213 title EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2019-2020) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1042-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issue addressed: cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955) libxl: save current memory value after successful balloon (bsc#1120813). libxl: support Xen last seen 2020-06-01 modified 2020-06-02 plugin id 124361 published 2019-04-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124361 title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1042-1) NASL family Scientific Linux Local Security Checks NASL id SL_20190806_LIBVIRT_ON_SL7_X.NASL description Security Fix(es) : - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840) last seen 2020-03-18 modified 2019-08-27 plugin id 128237 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128237 title Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190806) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1456.NASL description According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - libvirt version 2.3.0 and later is vulnerable to a bad default configuration of last seen 2020-06-01 modified 2020-06-02 plugin id 124959 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124959 title EulerOS Virtualization 3.0.1.0 : libvirt (EulerOS-SA-2019-1456)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3840
- https://bugzilla.redhat.com/show_bug.cgi?id=1663051
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00101.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
- https://access.redhat.com/errata/RHSA-2019:2294
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZRP2BRMI4RYFRPNFTTIAAUOGVN2ORP7/