Description
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_misc
https://security.libvirt.org/2019/0003.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1264
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1268
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1455
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4021-1/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
Scores
CVSS v3
8.8
EPSS
0.0128
EPSS Percentile
79.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-264
CWE-732
Status
published
Products (2)
fedoraproject/fedora
redhat/libvirt
< 4.1.0
Published
May 22, 2019
Tracked Since
Feb 18, 2026