CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS
Percentile: 94.1%

libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libvirt | < 0.8.8-3 | libvirt_0.8.8-3_all.deb |
Debian | 11 | all | libvirt | < 0.8.8-3 | libvirt_0.8.8-3_all.deb |
Debian | 999 | all | libvirt | < 0.8.8-3 | libvirt_0.8.8-3_all.deb |
Debian | 13 | all | libvirt | < 0.8.8-3 | libvirt_0.8.8-3_all.deb |