Описание
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libvirt | fixed | 11.10.0-1 | package | |
| libvirt | fixed | 11.3.0-3+deb13u2 | trixie | package |
| libvirt | not-affected | bookworm | package | |
| libvirt | not-affected | bullseye | package |
Примечания
Introduced after: https://gitlab.com/libvirt/libvirt/-/commit/9b94a9e8ab1de1a33fa97e0362b1e763b09d52c8 (v9.7.0-rc1)
Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/a379327d8abcde8ac8d3e16fe5e4ba6f790d767a
EPSS
Связанные уязвимости
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
Libvirt: information disclosure via world-readable vm snapshots
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.
EPSS