CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10168

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 4.6

References

Products affected by CVE-2019-10168

Redhat » Libvirt » Version: 4.0.0

cpe:2.3:a:redhat:libvirt:4.0.0
Redhat » Libvirt » Version: 4.1.0

cpe:2.3:a:redhat:libvirt:4.1.0
Redhat » Libvirt » Version: 4.10.0

cpe:2.3:a:redhat:libvirt:4.10.0
Redhat » Libvirt » Version: 4.2.0

cpe:2.3:a:redhat:libvirt:4.2.0
Redhat » Libvirt » Version: 4.3.0

cpe:2.3:a:redhat:libvirt:4.3.0
Redhat » Libvirt » Version: 4.4.0

cpe:2.3:a:redhat:libvirt:4.4.0
Redhat » Libvirt » Version: 4.5.0

cpe:2.3:a:redhat:libvirt:4.5.0
Redhat » Libvirt » Version: 4.6.0

cpe:2.3:a:redhat:libvirt:4.6.0
Redhat » Libvirt » Version: 4.7.0

cpe:2.3:a:redhat:libvirt:4.7.0
Redhat » Libvirt » Version: 4.8.0

cpe:2.3:a:redhat:libvirt:4.8.0
Redhat » Libvirt » Version: 4.9.0

cpe:2.3:a:redhat:libvirt:4.9.0
Redhat » Libvirt » Version: 5.0.0

cpe:2.3:a:redhat:libvirt:5.0.0
Redhat » Libvirt » Version: 5.1.0

cpe:2.3:a:redhat:libvirt:5.1.0
Redhat » Libvirt » Version: 5.2.0

cpe:2.3:a:redhat:libvirt:5.2.0
Redhat » Libvirt » Version: 5.3.0

cpe:2.3:a:redhat:libvirt:5.3.0
Redhat » Libvirt » Version: 5.4.0

cpe:2.3:a:redhat:libvirt:5.4.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux Desktop » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
Redhat » Enterprise Linux Desktop » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
Redhat » Enterprise Linux Server » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0
Redhat » Enterprise Linux Server » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux_server:7.0
Redhat » Enterprise Linux Server Aus » Version: 7.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
Redhat » Enterprise Linux Server Eus » Version: 7.6

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
Redhat » Enterprise Linux Server Tus » Version: 7.6

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
Redhat » Enterprise Linux Workstation » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
Redhat » Enterprise Linux Workstation » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
Redhat » Virtualization » Version: 4.3

cpe:2.3:o:redhat:virtualization:4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10168

Products

Pricing

Contact Us