The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an emulatorbin argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domains capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libvirt | Redhat | 4.0.0 (including) | 4.10.1 (excluding) |
| Libvirt | Redhat | 5.0.0 (including) | 5.4.1 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | libvirt-0:4.5.0-10.el7_6.12 | * |
| Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8000020190618154454.f8e95b4e | * |
| Red Hat Enterprise Linux 8 Advanced Virtualization | RedHat | virt:8.0.0-8000020190620145550.f8e95b4e | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-release-virtualization-host-0:4.3.4-1.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-virtualization-host-0:4.3.4-20190620.3.el7_6 | * |
| Libvirt | Ubuntu | bionic | * |
| Libvirt | Ubuntu | cosmic | * |
| Libvirt | Ubuntu | devel | * |
| Libvirt | Ubuntu | disco | * |
| Libvirt | Ubuntu | eoan | * |
| Libvirt | Ubuntu | esm-infra/bionic | * |
| Libvirt | Ubuntu | esm-infra/xenial | * |
| Libvirt | Ubuntu | trusty | * |
| Libvirt | Ubuntu | xenial | * |