It was discovered that libvirtd, versions 4.x.x prior to 4.10.1 and 5.x.x prior to 5.4.1, would permit read-only clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
Vulnerable Product |
---|
redhat libvirt |
redhat enterprise linux 8.0 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux server eus 7.6 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux workstation 7.0 |
redhat virtualization 4.3 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux server tus 7.6 |