Launchpad.net

CVE 2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Related bugs and status

CVE-2019-10166 (Candidate) is related to these bugs:

Bug #1655111: LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory

Summary				In	Importance	Status
	1655111	LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory		libvirt (Ubuntu)	Medium	Fix Released
	1655111	LibVirt Apparmor profile has qemu-bridge-helper listed in the wrong directory		libvirt (Ubuntu Eoan)	Medium	Fix Released

Bug #1845506: Libvirt snapshot doesn't update apparmor profile

		In	Importance	Status
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt (Ubuntu)	Medium	Fix Released
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt	Undecided	Confirmed
1845506	Libvirt snapshot doesn't update apparmor profile	libvirt (Ubuntu Bionic)	Undecided	Won't Fix

Bug #1848229: [Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available

		In	Importance	Status
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu)	Undecided	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	The Ubuntu-power-systems project	Medium	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Bionic)	Undecided	Won't Fix
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Eoan)	Undecided	Won't Fix
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Focal)	Undecided	Fix Released
1848229	[Power9][WSP][DD2.3] cap-ibs=workaround defaults to "full software flush sequence" though "hardware assisted flush" is available	libvirt (Ubuntu Disco)	Undecided	Won't Fix

Bug #1854653: during shutdown libvirt-guests.sh shouldn't run if libvirtd isn't running

Summary				In	Importance	Status
	1854653	during shutdown libvirt-guests.sh shouldn't run if libvirtd isn't running		libvirt (Ubuntu)	Low	Fix Released

Bug #1858341: rbd driver does not list all volumes in pool

Summary				In	Importance	Status
	1858341	rbd driver does not list all volumes in pool		libvirt (Ubuntu)	High	Fix Released
	1858341	rbd driver does not list all volumes in pool		libvirt (Ubuntu Eoan)	Low	Won't Fix

Bug #1859253: rbd driver fails to create a new volume

Summary				In	Importance	Status
	1859253	rbd driver fails to create a new volume		libvirt (Ubuntu)	High	Fix Released
	1859253	rbd driver fails to create a new volume		libvirt (Ubuntu Eoan)	Low	Won't Fix

Bug #1859506: swtpm fails in focal with apparmor

Summary				In	Importance	Status
	1859506	swtpm fails in focal with apparmor		qemu (Ubuntu)	Undecided	Invalid
	1859506	swtpm fails in focal with apparmor		libvirt (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-10166

Related bugs and status

Related bugs

References