Vulnerability Details : CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Vulnerability category: BypassGain privilege

Published 2019-08-02 13:15:12

Updated 2020-10-15 13:28:10

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-10166

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-10166

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	1.1	6.0	[email protected]
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-10166

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: [email protected] (Secondary)

References for CVE-2019-10166

https://security.gentoo.org/glsa/202003-18

Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166

Issue Tracking;Vendor Advisory
https://access.redhat.com/libvirt-privesc-vulnerabilities

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2019-10166

Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt
Versions from including (>=) 5.0.0 and before (<) 5.4.1
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt
Versions from including (>=) 4.0.0 and before (<) 4.10.1
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization » Version: 4.3
cpe:2.3:o:redhat:virtualization:4.3:*:*:*:*:*:*:*
Matching versions