threat
engine
.sh
Back
·
··:··
Home
/
Product
/
redhat libvirt
Product
redhat libvirt
82 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-8235
>= 10.4.0 and < 10.7.0
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on
6.2
MEDIUM
CVE-2024-2496
< 9.8.0
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when det
5.0
MEDIUM
CVE-2023-3750
all versions
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a ra
6.5
MEDIUM
CVE-2023-2700
all versions
A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities th
5.5
MEDIUM
CVE-2021-3975
< 7.1.0
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using mu
6.5
MEDIUM
CVE-2022-0897
<= 1.1.1
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver-nwfilter
4.3
MEDIUM
CVE-2021-4147
< 2.33.0
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to
6.5
MEDIUM
CVE-2021-3667
>= 4.1.0 and <= 7.5.0
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTa
6.5
MEDIUM
CVE-2021-3631
< 7.5.0
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited
6.3
MEDIUM
CVE-2020-14301
>= 6.2.0 and < 6.3.0
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based d
6.5
MEDIUM
CVE-2020-10701
< 6.2.0
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allo
6.5
MEDIUM
CVE-2021-3559
>= 6.10.0 and < 7.0.0
A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI dev
6.5
MEDIUM
CVE-2020-14339
>= 6.2.0 and < 6.7.0
A flaw was found in libvirt, where it leaked a file descriptor for
/dev/mapper/control
into the QEMU process. This file descript
8.8
HIGH
CVE-2020-25637
< 6.8.0
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information
6.7
MEDIUM
CVE-2020-10703
>= 3.10.0 and < 6.0.0
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.
6.5
MEDIUM
CVE-2020-12430
>= 4.10.0 and < 6.1.0
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory le
6.5
MEDIUM
CVE-2019-20485
< 6.0.0
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows a
5.7
MEDIUM
CVE-2019-10168
>= 4.0.0 and < 4.10.1
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.
7.8
HIGH
CVE-2019-10167
>= 4.0.0 and < 4.10.1
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" a
7.8
HIGH
CVE-2019-10166
>= 4.0.0 and < 4.10.1
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the vir
7.8
HIGH
CVE-2019-10161
< 4.10.1
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXM
7.8
HIGH
CVE-2019-10132
<= 4.1.0
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing Soc
8.8
HIGH
CVE-2016-10746
< 1.3.1
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an
7.5
HIGH
CVE-2019-3886
>= 4.8.0 and < 5.3.0
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depen
5.4
MEDIUM
CVE-2019-3840
< 5.0.0
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through th
5.8
MEDIUM
CVE-2017-2635
>= 2.5.0 and <= 3.0.0
A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attack
7.7
HIGH
CVE-2015-5160
< 2.2
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local
5.5
MEDIUM
CVE-2018-1064
<= 4.1.0
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that af
7.5
HIGH
CVE-2018-6764
all versions
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to b
7.8
HIGH
CVE-2018-5748
all versions
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
7.5
HIGH
CVE-2017-1000256
>= 2.3.0 and < 3.9.0
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulti
8.1
HIGH
CVE-2016-5008
<= 1.3.5
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allo
9.8
CRITICAL
CVE-2014-3672
<= 1.2.21
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consum
6.5
MEDIUM
CVE-2015-5247
all versions
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to
6.5
MEDIUM
CVE-2011-4600
all versions
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules
5.9
MEDIUM
CVE-2015-5313
all versions
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt,
2.5
LOW
CVE-2015-0236
<= 1.2.11
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a c
CVE-2014-8131
<= 1.2.10
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is sk
CVE-2014-8136
all versions
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the dom
CVE-2014-8135
all versions
The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which al
CVE-2013-4399
<= 1.1.3
The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which
CVE-2014-7823
<= 1.2.10
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOM
CVE-2014-3657
<= 1.2.8
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains
CVE-2014-3633
<= 1.2.8
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed f
CVE-2014-5177
all versions
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files
CVE-2014-0179
all versions
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML d
CVE-2013-7336
<= 1.1.2
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when per
CVE-2013-6456
all versions
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the v
CVE-2014-1447
<= 1.2.0
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial
CVE-2014-0028
all versions
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restriction
CVE-2013-6458
<= 1.2.0
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGe
CVE-2013-6457
<= 1.2.0
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly ini
CVE-2013-6436
all versions
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of L
CVE-2013-4400
all versions
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via u
CVE-2013-4401
all versions
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the
CVE-2013-4311
all versions
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended acces
CVE-2013-5651
<= 1.1.1
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of se
CVE-2013-4297
<= 1.1.2
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a
CVE-2013-4296
all versions
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x
CVE-2013-4292
all versions
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate
CVE-2013-4291
all versions
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label,
CVE-2013-4239
all versions
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a deni
CVE-2013-4154
<= 1.1.0
The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a de
CVE-2013-4153
all versions
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote atta
CVE-2013-2230
<= 1.1.0
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemo
CVE-2013-2218
all versions
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows
CVE-2013-1962
all versions
The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause
CVE-2013-1766
<= 1.0.2
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspe
CVE-2013-0170
>= 0.9.6 and < 0.9.6.4
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 b
CVE-2012-4423
<= 0.10.1
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL p
CVE-2012-3445
all versions
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, wh
CVE-2012-2693
<= 0.9.11
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vend
CVE-2011-2511
<= 0.9.2
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possi
CVE-2011-2178
all versions
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argumen
CVE-2011-1486
<= 0.8.8
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of serv
CVE-2011-1146
all versions
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote
CVE-2010-2242
all versions
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest O
CVE-2010-2239
all versions
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which all
CVE-2010-2238
all versions
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing
CVE-2010-2237
all versions
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format
CVE-2009-0036
all versions
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to g
CVE-2008-5086
all versions
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass inte
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin