Information on source package libvirt

Available versions

ReleaseVersion
buster5.0.0-4+deb10u1
bullseye7.0.0-3
bookworm9.0.0-1
sid9.0.0-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2022-0897vulnerable (no DSA)vulnerable (no DSA)fixedfixedA flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...
CVE-2021-4147vulnerable (no DSA)vulnerable (no DSA)fixedfixedA flaw was found in the libvirt libxl driver. A malicious guest could ...
CVE-2021-3975vulnerable (no DSA)vulnerable (no DSA)fixedfixedA use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ...
CVE-2021-3667vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn improper locking issue was found in the virStoragePoolLookupByTarge ...
CVE-2021-3631vulnerable (no DSA)vulnerable (no DSA)fixedfixedA flaw was found in libvirt while it generates SELinux MCS category pa ...
CVE-2020-25637vulnerable (no DSA)fixedfixedfixedA double free memory issue was found to occur in the libvirt API, in v ...
CVE-2020-12430vulnerable (no DSA)fixedfixedfixedAn issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...
CVE-2020-10703vulnerable (no DSA)fixedfixedfixedA NULL pointer dereference was found in the libvirt API responsible in ...
CVE-2019-20485vulnerable (no DSA)fixedfixedfixedqemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...

Resolved issues

BugDescription
CVE-2021-3559A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...
CVE-2020-15708Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...
CVE-2020-14339A flaw was found in libvirt, where it leaked a file descriptor for `/d ...
CVE-2020-14301An information disclosure vulnerability was found in libvirt in versio ...
CVE-2020-10701A missing authorization flaw was found in the libvirt API responsible ...
CVE-2019-10168The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...
CVE-2019-10167The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...
CVE-2019-10166It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...
CVE-2019-10161It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...
CVE-2019-10132A flaw was found in libvirt in version 4.1.0 and earlier. A missing So ...
CVE-2019-3886An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...
CVE-2019-3840A NULL pointer dereference flaw was discovered in libvirt before versi ...
CVE-2018-6764util/virlog.c in libvirt does not properly determine the hostname on L ...
CVE-2018-5748qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ...
CVE-2018-1064libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ...
CVE-2017-1000256libvirt version 2.3.0 and later is vulnerable to a bad default configu ...
CVE-2017-2635A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...
CVE-2016-10746libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...
CVE-2016-5008It was found that setting a VNC password to an empty string in libvirt ...
CVE-2015-5313A path-traversal flaw was found in the way the libvirt daemon handled ...
CVE-2015-5247The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...
CVE-2015-5160It was found that the libvirt daemon, when using RBD (RADOS Block Devi ...
CVE-2015-0236It was discovered that the virDomainSnapshotGetXMLDesc() and virDomain ...
CVE-2014-8136It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigr ...
CVE-2014-8135The storageVolUpload function in storage/storage_driver.c in libvirt b ...
CVE-2014-8131The qemu implementation of virConnectGetAllDomainStats in libvirt befo ...
CVE-2014-7823It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, th ...
CVE-2014-5177libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ...
CVE-2014-3657A denial of service flaw was found in the way libvirt's virConnectList ...
CVE-2014-3633An out-of-bounds read flaw was found in the way libvirt's qemuDomainGe ...
CVE-2014-1447Race condition in the virNetServerClientStartKeepAlive function in lib ...
CVE-2014-0179It was found that libvirt passes the XML_PARSE_NOENT flag when parsing ...
CVE-2014-0028libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ...
CVE-2013-7336The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ...
CVE-2013-6458CVE-2013-6458 qemu: job usage issue in several APIs leading to libvirt ...
CVE-2013-6457The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ...
CVE-2013-6456The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ...
CVE-2013-6436The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...
CVE-2013-5651The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ...
CVE-2013-4401The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...
CVE-2013-4400virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...
CVE-2013-4399The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...
CVE-2013-4311CVE-2013-4311 libvirt: insecure calling of polkit ...
CVE-2013-4297The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ...
CVE-2013-4296CVE-2013-4296 libvirt: invalid free in remoteDispatchDomainMemoryStats ...
CVE-2013-4292libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ...
CVE-2013-4291The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ...
CVE-2013-4239The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ...
CVE-2013-4154The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ...
CVE-2013-4153Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ...
CVE-2013-2230The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ...
CVE-2013-2218Double free vulnerability in the virConnectListAllInterfaces method in ...
CVE-2013-1962CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due so ...
CVE-2013-1766libvirt 1.0.2 and earlier sets the group owner to kvm for device files ...
CVE-2013-0170CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() ...
CVE-2012-4423CVE-2012-4423 libvirt: null function pointer invocation in virNetServe ...
CVE-2012-3445CVE-2012-3445 libvirt: crash in virTypedParameterArrayClear ...
CVE-2012-2693CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/p ...
CVE-2011-4600CVE-2011-4600 libvirt: unintended firewall port exposure after restart ...
CVE-2011-2511CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus ...
CVE-2011-2178The virSecurityManagerGetPrivateData function in security/security_man ...
CVE-2011-1486CVE-2011-1486 libvirt: error reporting in libvirtd is not thread safe ...
CVE-2011-1146CVE-2011-1146 libvirt: several API calls do not honour read-only conne ...
CVE-2010-2242CVE-2010-2242 libvirt: improperly mapped source privileged ports may a ...
CVE-2010-2239CVE-2010-2239 libvirt: not setting user defined backing store format w ...
CVE-2010-2238Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-imag ...
CVE-2010-2237Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing s ...
CVE-2009-0036CVE-2009-0036 libvirt: libvirt_proxy buffer overflow ...
CVE-2008-5086CVE-2008-5086 libvirt: missing checks for read-only connection ...

Security announcements

DSA / DLADescription
DLA-2395-1libvirt - security update
DLA-1832-1libvirt - security update
DSA-4469-1libvirt - security update
DLA-1772-1libvirt - security update
DLA-1315-1libvirt - security update
DSA-4137-1libvirt - security update
DSA-4003-1libvirt - security update
DSA-3613-1libvirt - security update
DLA-541-1libvirt - security update
DSA-3038-1libvirt - security update
DSA-2846-1libvirt - several
DSA-2764-1libvirt - programming error
DSA-2650-1libvirt - files and device nodes ownership change to kvm group
DSA-2280-1libvirt - several
DSA-2194-1libvirt - privilege escalation

Search for package or bug name: Reporting problems