Search CVE reports

31 – 40 of 93 results

Detailed view

Sort by:

CVE-2016-10746

Medium priority

Vulnerable

libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-3886

Low priority

Fixed

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial...

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	Fixed	Not affected	Not affected

CVE-2019-3840

Medium priority

Fixed

A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	—	Fixed	Fixed

CVE-2017-2635

Low priority

Not affected

A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	—	—	Not affected

CVE-2015-5160

Low priority

Ignored

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	—	—	Ignored

CVE-2018-3639

Medium priority

Some fixes available 59 of 69

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with...

147 affected packages

intel-microcode, libvirt, linux, linux-allwinner, linux-allwinner-5.19...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
intel-microcode	Not affected	Not affected	Not affected	Fixed	Fixed
libvirt	Fixed	Fixed	Fixed	Fixed	Fixed
linux	Not affected	Not affected	Not affected	Fixed	Fixed
linux-allwinner	Not in release	Not in release	Not in release	Not in release	Not in release
linux-allwinner-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws	Not affected	Not affected	Not affected	Fixed	Fixed
linux-aws-5.0	Not in release	Not in release	Not in release	Not affected	Not in release
linux-aws-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-aws-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-aws-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-aws-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-aws-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-aws-hwe	Not in release	Not in release	Not in release	Not in release	Not affected
linux-azure	Not affected	Not affected	Not affected	Fixed	Fixed
linux-azure-4.15	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-azure-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-edge	Not in release	Not in release	Not in release	Fixed	Not in release
linux-azure-fde	Not in release	Not affected	Not affected	Not in release	Not in release
linux-azure-fde-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-azure-fde-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-fde-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-azure-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-bluefield	Not in release	Not in release	Not affected	Not in release	Not in release
linux-dell300x	Not in release	Not in release	Not in release	Not affected	Not in release
linux-euclid	Not in release	Not in release	Not in release	Not in release	Ignored
linux-fips	Not in release	Not in release	Not in release	Not in release	Ignored
linux-flo	Not in release	Not in release	Not in release	Not in release	Ignored
linux-gcp	Not affected	Not affected	Not affected	Fixed	Fixed
linux-gcp-4.15	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gcp-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gcp-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gcp-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gcp-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-gcp-edge	Not in release	Not in release	Not in release	Fixed	Not in release
linux-gcp-fips	Not in release	Not in release	Not in release	Not in release	Not in release
linux-gke	Not affected	Not affected	Not affected	Not in release	Ignored
linux-gke-4.15	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gke-5.0	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gke-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gke-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gke-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-gkeop	Not in release	Not affected	Not affected	Not in release	Not in release
linux-gkeop-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-gkeop-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-goldfish	Not in release	Not in release	Not in release	Not in release	Ignored
linux-grouper	Not in release	Not in release	Not in release	Not in release	Not in release
linux-hwe	Not in release	Not in release	Not in release	Not affected	Fixed
linux-hwe-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-hwe-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-hwe-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-hwe-edge	Not in release	Not in release	Not in release	Not affected	Fixed
linux-ibm	Not affected	Not affected	Not affected	Not in release	Not in release
linux-ibm-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-ibm-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-intel	Not affected	Not in release	Not in release	Not in release	Not in release
linux-intel-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-intel-iot-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-intel-iotg	Not in release	Not affected	Not in release	Not in release	Not in release
linux-intel-iotg-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-iot	Not in release	Not in release	Not affected	Not in release	Not in release
linux-kvm	Not in release	Not affected	Not affected	Fixed	Fixed
linux-laptop	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lowlatency	Not affected	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-lowlatency-hwe-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lowlatency-hwe-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-lts-trusty	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lts-utopic	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lts-vivid	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lts-wily	Not in release	Not in release	Not in release	Not in release	Not in release
linux-lts-xenial	Not in release	Not in release	Not in release	Not in release	Not in release
linux-maguro	Not in release	Not in release	Not in release	Not in release	Not in release
linux-mako	Not in release	Not in release	Not in release	Not in release	Ignored
linux-manta	Not in release	Not in release	Not in release	Not in release	Not in release
linux-nvidia	Not affected	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-nvidia-lowlatency	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oem	Not in release	Not in release	Not in release	Fixed	Fixed
linux-oem-5.10	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-5.14	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-5.17	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-5.6	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oem-6.0	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.1	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-oem-6.8	Not affected	Not in release	Not in release	Not in release	Not in release
linux-oem-osp1	Not in release	Not in release	Not in release	Not affected	Not in release
linux-oracle	Not affected	Not affected	Not affected	Not affected	Not affected
linux-oracle-5.0	Not in release	Not in release	Not in release	Not affected	Not in release
linux-oracle-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.13	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-oracle-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-oracle-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-oracle-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-raspi	Not affected	Not affected	Not affected	Not in release	Not in release
linux-raspi-5.4	Not in release	Not in release	Not in release	Not affected	Not in release
linux-raspi-realtime	Not in release	Not in release	Not in release	Not in release	Not in release
linux-raspi2	Not in release	Not in release	Not affected	Fixed	Fixed
linux-raspi2-5.3	Not in release	Not in release	Not in release	Not affected	Not in release
linux-realtime	Not in release	Ignored	Not in release	Not in release	Not in release
linux-riscv	Not affected	Not affected	Not affected	Not in release	Not in release
linux-riscv-5.11	Not in release	Not in release	Not affected	Not in release	Not in release
linux-riscv-5.15	Not in release	Not in release	Not affected	Not in release	Not in release
linux-riscv-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-riscv-5.8	Not in release	Not in release	Not affected	Not in release	Not in release
linux-riscv-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-riscv-6.8	Not in release	Not affected	Not in release	Not in release	Not in release
linux-snapdragon	Not in release	Not in release	Not in release	Fixed	Fixed
linux-starfive	Not in release	Not in release	Not in release	Not in release	Not in release
linux-starfive-5.19	Not in release	Not affected	Not in release	Not in release	Not in release
linux-starfive-6.2	Not in release	Not affected	Not in release	Not in release	Not in release
linux-starfive-6.5	Not in release	Not affected	Not in release	Not in release	Not in release
linux-xilinx-zynqmp	Not in release	Not affected	Not affected	Not in release	Not in release
qemu	Fixed	Fixed	Fixed	Fixed	Fixed
qemu-kvm	Not in release	Not in release	Not in release	Not in release	Not in release
xen	Not affected	Not affected	Not affected	Not affected	Needs evaluation

CVE-2018-1064

Low priority

Fixed

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	Not affected	Fixed	Fixed

CVE-2018-6764

Low priority

Fixed

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	—	—	Fixed

CVE-2018-5748

Low priority

Fixed

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

1 affected packages

libvirt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libvirt	—	—	Not affected	Not affected	Fixed

CVE-2017-5715

High priority

Some fixes available 42 of 54

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

40 affected packages

amd64-microcode, firefox, intel-microcode, libvirt, linux...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
amd64-microcode	—	—	—	Fixed	Fixed
firefox	—	—	—	Fixed	Fixed
intel-microcode	—	—	—	Not affected	Fixed
libvirt	—	—	—	Not affected	Fixed
linux	—	—	—	Not affected	Fixed
linux-armadaxp	—	—	—	Not in release	Not in release
linux-aws	—	—	—	Not affected	Fixed
linux-azure	—	—	—	Not affected	Fixed
linux-azure-edge	—	—	—	Not affected	Not affected
linux-euclid	—	—	—	Not in release	Fixed
linux-flo	—	—	—	Not in release	Ignored
linux-gcp	—	—	—	Not affected	Fixed
linux-gke	—	—	—	Not in release	Ignored
linux-goldfish	—	—	—	Not in release	Ignored
linux-grouper	—	—	—	Not in release	Not in release
linux-hwe	—	—	—	Not affected	Fixed
linux-hwe-edge	—	—	—	Not affected	Fixed
linux-kvm	—	—	—	Not affected	Fixed
linux-linaro-omap	—	—	—	Not in release	Not in release
linux-linaro-shared	—	—	—	Not in release	Not in release
linux-linaro-vexpress	—	—	—	Not in release	Not in release
linux-lts-quantal	—	—	—	Not in release	Not in release
linux-lts-raring	—	—	—	Not in release	Not in release
linux-lts-saucy	—	—	—	Not in release	Not in release
linux-lts-trusty	—	—	—	Not in release	Not in release
linux-lts-utopic	—	—	—	Not in release	Not in release
linux-lts-vivid	—	—	—	Not in release	Not in release
linux-lts-wily	—	—	—	Not in release	Not in release
linux-lts-xenial	—	—	—	Not in release	Not in release
linux-maguro	—	—	—	Not in release	Not in release
linux-mako	—	—	—	Not in release	Ignored
linux-manta	—	—	—	Not in release	Not in release
linux-oem	—	—	—	Not affected	Fixed
linux-qcm-msm	—	—	—	Not in release	Not in release
linux-raspi2	—	—	—	Not affected	Fixed
linux-snapdragon	—	—	—	Not affected	Fixed
linux-ti-omap4	—	—	—	Not in release	Not in release
qemu	—	—	—	Fixed	Fixed
qemu-kvm	—	—	—	Not in release	Not in release
webkit2gtk	—	—	—	Not affected	Fixed

Export to JSON

Results by page: