Your submission was sent successfully! Close

CVE-2019-10132

Published: 21 May 2019

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(4.0.0-1ubuntu8.9)
cosmic
Released (4.6.0-2ubuntu3.7)
disco
Released (5.0.0-1ubuntu2.3)
precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable
(1.3.1-1ubuntu10.25)