Redhat: >> Libvirt >> 0.9.8 Security Vulnerabilities
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
CVSS Score
3.6
EPSS Score
0.001
Published
2013-03-20
The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.
CVSS Score
5.0
EPSS Score
0.029
Published
2012-11-19
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
CVSS Score
3.7
EPSS Score
0.001
Published
2012-06-17
Page 4