vulnerability
Amazon Linux AMI 2: CVE-2019-10161: Security patch for libvirt (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jul 30, 2019 | Apr 27, 2020 | May 20, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 30, 2019
Added
Apr 27, 2020
Modified
May 20, 2026
Description
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Solutions
amazon-linux-ami-2-upgrade-libvirtamazon-linux-ami-2-upgrade-libvirt-adminamazon-linux-ami-2-upgrade-libvirt-bash-completionamazon-linux-ami-2-upgrade-libvirt-clientamazon-linux-ami-2-upgrade-libvirt-daemonamazon-linux-ami-2-upgrade-libvirt-daemon-config-networkamazon-linux-ami-2-upgrade-libvirt-daemon-config-nwfilteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-interfaceamazon-linux-ami-2-upgrade-libvirt-daemon-driver-lxcamazon-linux-ami-2-upgrade-libvirt-daemon-driver-networkamazon-linux-ami-2-upgrade-libvirt-daemon-driver-nodedevamazon-linux-ami-2-upgrade-libvirt-daemon-driver-nwfilteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-qemuamazon-linux-ami-2-upgrade-libvirt-daemon-driver-secretamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storageamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-coreamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-diskamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-glusteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-iscsiamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-logicalamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-mpathamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-rbdamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-scsiamazon-linux-ami-2-upgrade-libvirt-daemon-kvmamazon-linux-ami-2-upgrade-libvirt-daemon-lxcamazon-linux-ami-2-upgrade-libvirt-debuginfoamazon-linux-ami-2-upgrade-libvirt-develamazon-linux-ami-2-upgrade-libvirt-docsamazon-linux-ami-2-upgrade-libvirt-libsamazon-linux-ami-2-upgrade-libvirt-lock-sanlockamazon-linux-ami-2-upgrade-libvirt-login-shellamazon-linux-ami-2-upgrade-libvirt-nss
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.