- This vulnerability requires access to the libvirt read-only socket, normally at /var/run/libvirt/libvirt_sock_ro. Hypervisor environments typically do not support local user accounts, so no untrusted user should be able to reach this socket.
- Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.
- On Red Hat Enterprise Linux 6, the impact of this vulnerability is limited to denial of service or disclosing the existence of arbitrary files; privilege escalation is not possible. For RHEL 6, this CVE is rated as Moderate severity with a CVSS v3 score of 7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H).
CVSS v3 metrics
| Metric | Value |
|---|---|
| CVSS3 Base Score | 8.8 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host) | RHSA-2019:1699 | 2019-07-08 |
| Red Hat Enterprise Linux 7 (libvirt) | RHSA-2019:1579 | 2019-06-20 |
| Red Hat Enterprise Linux 8 (virt:rhel) | RHSA-2019:1580 | 2019-06-20 |
| Red Hat Enterprise Linux 6 (libvirt) | RHSA-2019:1578 | 2019-06-20 |
| Advanced Virtualization for RHEL 8.0.1 (virt:8.0.0) | RHSA-2019:1762 | 2019-07-11 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Gluster Storage 3 | libvirt | Not affected |
| Red Hat Enterprise Linux 5 | libvirt | Not affected |
Acknowledgements
Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.
The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`. The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.
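The following shell script is an added example, not part of the Red Hat advisory or of libvirt itself. It audits a `libvirtd.conf` for the two settings named above and reports whether the read-only socket is still left at libvirtd's world-accessible default of 0777. It assumes the file uses libvirtd.conf's `key = "value"` syntax (the page writes the values unquoted, so both forms are accepted); the sample configuration files it writes to a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check whether libvirtd.conf restricts the read-only socket.
# Exit status 0 means unix_sock_ro_perms grants nothing to "other" and a
# unix_sock_group is set; 1 means the socket would stay at the 0777 default
# (or is otherwise open to every local user).
libvirt_ro_socket_hardened() {
    conf="$1"
    # Last uncommented assignment wins, as in libvirtd itself; quotes optional.
    perms=$(sed -n 's/^[[:space:]]*unix_sock_ro_perms[[:space:]]*=[[:space:]]*"\{0,1\}\([0-7]*\)"\{0,1\}.*/\1/p' "$conf" | tail -n 1)
    group=$(sed -n 's/^[[:space:]]*unix_sock_group[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1/p' "$conf" | tail -n 1)
    # Unset or commented out means libvirtd's built-in default of 0777.
    [ -z "$perms" ] && perms=0777
    # The last octal digit is the "other" class; any bit there exposes the socket.
    other=$(printf '%s' "$perms" | tail -c 1)
    if [ "$other" = "0" ] && [ -n "$group" ]; then
        return 0
    fi
    return 1
}

# Constructed sample configurations (not real files from any host).
tmpdir=$(mktemp -d)
cat > "$tmpdir/default.conf" <<'EOF'
# Shipped defaults: both settings commented out, socket stays 0777
#unix_sock_group = "libvirt"
#unix_sock_ro_perms = "0777"
EOF
cat > "$tmpdir/hardened.conf" <<'EOF'
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0770"
EOF
cat > "$tmpdir/unquoted.conf" <<'EOF'
unix_sock_group = libvirt
unix_sock_ro_perms = 0770
EOF
cat > "$tmpdir/group_only.conf" <<'EOF'
# Group set but permissions still let "other" connect
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0775"
EOF

for f in "$tmpdir/default.conf" "$tmpdir/hardened.conf" \
         "$tmpdir/unquoted.conf" "$tmpdir/group_only.conf"; do
    if libvirt_ro_socket_hardened "$f"; then
        echo "$(basename "$f"): read-only socket restricted to the configured group"
    else
        echo "$(basename "$f"): read-only socket reachable by any local user"
    fi
done
```

On a real host, run `libvirt_ro_socket_hardened /etc/libvirt/libvirtd.conf` and, after changing the file, restart libvirtd so the socket is recreated with the new mode; the check reads only the configuration, not the live socket, so `ls -l /var/run/libvirt/libvirt_sock_ro` is still the final confirmation.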