vulnerability
Amazon Linux AMI 2: CVE-2019-10161: Security patch for libvirt (ALAS-2019-1274)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jul 30, 2019 | Apr 27, 2020 | Sep 30, 2022 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 30, 2019
Added
Apr 27, 2020
Modified
Sep 30, 2022
Description
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
Solutions
amazon-linux-ami-2-upgrade-libvirtamazon-linux-ami-2-upgrade-libvirt-adminamazon-linux-ami-2-upgrade-libvirt-bash-completionamazon-linux-ami-2-upgrade-libvirt-clientamazon-linux-ami-2-upgrade-libvirt-daemonamazon-linux-ami-2-upgrade-libvirt-daemon-config-networkamazon-linux-ami-2-upgrade-libvirt-daemon-config-nwfilteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-interfaceamazon-linux-ami-2-upgrade-libvirt-daemon-driver-lxcamazon-linux-ami-2-upgrade-libvirt-daemon-driver-networkamazon-linux-ami-2-upgrade-libvirt-daemon-driver-nodedevamazon-linux-ami-2-upgrade-libvirt-daemon-driver-nwfilteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-qemuamazon-linux-ami-2-upgrade-libvirt-daemon-driver-secretamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storageamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-coreamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-diskamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-glusteramazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-iscsiamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-logicalamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-mpathamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-rbdamazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-scsiamazon-linux-ami-2-upgrade-libvirt-daemon-kvmamazon-linux-ami-2-upgrade-libvirt-daemon-lxcamazon-linux-ami-2-upgrade-libvirt-debuginfoamazon-linux-ami-2-upgrade-libvirt-develamazon-linux-ami-2-upgrade-libvirt-docsamazon-linux-ami-2-upgrade-libvirt-libsamazon-linux-ami-2-upgrade-libvirt-lock-sanlockamazon-linux-ami-2-upgrade-libvirt-login-shellamazon-linux-ami-2-upgrade-libvirt-nss
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.