An incorrect permissions check was discovered in libvirt 4.8.0 and above. Clients with the readonly permission were allowed to invoke APIs that depend on the guest agent, which could disclose unintended information or cause a denial of service by making libvirt block.
libvirt is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. libvirt versions 4.8.0 and later are vulnerable.
Updates are available. Please see the references or vendor advisory for more information.
Currently, we are not aware of any working exploits.
| Date | CVE | Description | Severity |
|---|---|---|---|
| 2019-04-03 | CVE-2018-20506 | Integer Overflow or Wraparound vulnerability in multiple products | Medium |
| 2019-04-01 | CVE-2019-3836 | Access of Uninitialized Pointer vulnerability in multiple products | Medium |