Libvirt Security Notice Index

• LSN-2020-0003: Leak of /dev/mapper/control into QEMU guest namespace
• LSN-2020-0002: Leak of sensitive cookie information
• LSN-2020-0001: Denial of Service via storage pools without target paths
• LSN-2019-0009: QEMU agent denial of service
• LSN-2019-0008: Transactional Synchronization Extensions (TSX) Asynchronous Abort
• LSN-2019-0007: virConnect*HypervisorCPU do not check for read-only connection
• LSN-2019-0006: virConnectGetDomainCapabilities does not check for read-only connection
• LSN-2019-0005: virDomainManagedSaveDefineXML does not check for read-only connection
• LSN-2019-0004: virDomainSaveImageGetXMLDesc does not check for read-only connection
• LSN-2019-0003: Insecure permissions for systemd socket for virtlockd/virtlogd
• LSN-2019-0002: Crash after running guest agent command to fetch interfaces
• LSN-2019-0001: virDomainGetHostname and virDomainGetTime don't enforce read-only perms
• LSN-2018-0005: Speculative Store Bypass
• LSN-2018-0004: QEMU agent denial of service
• LSN-2018-0003: Insecure usage of NSS modules during container startup
• LSN-2018-0002: QEMU monitor denial of service
• LSN-2018-0001: Spectre variant 2 branch target injection
• LSN-2017-0002: TLS certificate verification disabled for clients
• LSN-2017-0001: libvirtd crashes in virConnectGetAllDomainStats with empty cdrom
• LSN-2016-0002: Access to virDomainGetTime mistakenly allowed on read-only connection
• LSN-2016-0001: Authentication disabled when setting empty VNC password
• LSN-2015-0004: ACL bypass using ../ to access beyond storage pool
• LSN-2015-0003: denial of service through root-squash NFS storage pools
• LSN-2015-0002: small memory leak in ListAll APIs
• LSN-2015-0001: snapshots and save images leak VNC passwords
• LSN-2014-0010: deadlock on failed migration
• LSN-2014-0009: crash when using virStorageVolUpload
• LSN-2014-0008: deadlock or segfault in virConnectGetAllDomainStats
• LSN-2014-0007: virDomainGetXMLDesc leaks VNC passwords
• LSN-2014-0006: virDomainBlockRebase probes file formats in spite of explicit raw request
• LSN-2014-0005: virConnectListAllDomains can deadlock
• LSN-2014-0004: Querying blkiotune after disk hotplug can lead to libvirtd crash
• LSN-2014-0003: Unsafe parsing of XML documents allows arbitrary file read
• LSN-2014-0002: Missing access control check on events
• LSN-2014-0001: libvirtd crashes if client closes connection early
• LSN-2013-0021: libvirtd crash during seamless SPICE migration
• LSN-2013-0020: libvirtd crash when hot-plugging disks for qemu domains
• LSN-2013-0019: libvirtd crash when reading numa tunables for libxl guest in shutoff status
• LSN-2013-0018: Unsafe usage of paths under /proc/$PID/root by the LXC driver
• LSN-2013-0017: libvirtd daemon crash when reading memory tunables for LXC guest in shutoff status
• LSN-2013-0016: Out of bounds access in bitmap array
• LSN-2013-0015: Incorrect permissions on XML conversion APIs
• LSN-2013-0014: virt-login-shell fails to secure setuid environment
• LSN-2013-0013: Crash of libvirtd when ACLs are active and events registered
• LSN-2013-0012: Insecure invocation of polkit for checking authorization
• LSN-2013-0011: Invalid free when setting up NBD devices
• LSN-2013-0010: Crash when querying domain memory stats
• LSN-2013-0009: Missing bounds checking on parameter count in migration API
• LSN-2013-0008: Libvirt security driver does not clear supplementary groups
• LSN-2013-0007: Crash listing inactive domains in Xen driver
• LSN-2013-0006: Crash of libvirtd without guest agent active
• LSN-2013-0005: Crash after querying vCPU count from guest agent
• LSN-2013-0004: Crash in libvirtd registering events
• LSN-2013-0003: Crash of libvirtd when listing host interfaces
• LSN-2013-0002: Leak of file descriptors when listing storage volumes
• LSN-2013-0001: Fix crash on error paths of message dispatching
• LSN-2012-0003: Crash of libvirt when dispatching illegal RPC procedure
• LSN-2012-0002: Fix crash in libvirt clearing API parameters
• LSN-2012-0001: DNS configured to answer DNS queries from non-virtual networks
• LSN-2011-0003: Security manager does not disable disk probing
• LSN-2011-0002: Error reporting in libvirtd is not thread safe
• LSN-2011-0001: Missing checks for read only connections on many APIs
• LSN-2010-0004: Improperly mapped virtual network source privileged ports
• LSN-2010-0003: Not setting user defined backing store format when creating new image
• LSN-2010-0002: Ignoring backing store format when recursing into disk image backing stores
• LSN-2010-0001: Ignoring main disk format when looking up disk backing stores
• LSN-2009-0001: Incorrect buffer checks in setuid proxy
• LSN-2008-0001: Missing checks for read only connections on many APIs

Alternative formats: [xml]