CVE-2019-10166

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10166

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10166.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10166

Downstream

ALPINE-CVE-2019-10166

DEBIAN-CVE-2019-10166

RHSA-2019:1579

RHSA-2019:1580

RHSA-2019:1699

RHSA-2019:1762

SUSE-SU-2019:1599-1

SUSE-SU-2019:1637-1

SUSE-SU-2019:1643-1

UBUNTU-CVE-2019-10166

USN-4047-1

openSUSE-SU-2019:1672-1

openSUSE-SU-2019:1753-1

openSUSE-SU-2024:11008-1

Related

Published

2019-08-02T13:15:12Z

Modified

2025-08-09T19:01:29Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

References

Affected packages