CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
94.1%
libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict
operations in a read-only connection, which allows remote attackers to
cause a denial of service (host OS crash) or possibly execute arbitrary
code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3)
virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5)
virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different
vulnerability than CVE-2008-5086.
Author | Note |
---|---|
jdstrand | code not present in 8.04 LTS |