CVE-2019-10132

Published: 21 May 2019

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
libvirt Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.0.0-1ubuntu8.9)
	cosmic	Released (4.6.0-2ubuntu3.7)
	disco	Released (5.0.0-1ubuntu2.3)
	precise	Not vulnerable
	trusty	Not vulnerable
	upstream	Needs triage
	xenial	Not vulnerable (1.3.1-1ubuntu10.25)

Notes

Author	Note
mdeslaur	only affects >= 4.1.0

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132
https://security.libvirt.org/2019/0003.html
https://ubuntu.com/security/notices/USN-4021-1
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›