VDB
GCVE-VVD-MAGEIA-2019-390
GCVE-VVD-MAGEIA-2019-390
Advisory Published
Updated libvirt packages fix security vulnerabilities:
An information leak which allowed to retrieve the guest hostname
under readonly mode (CVE-2019-3886).
Wrong permissions in systemd admin-sock due to missing SocketMode
parameter (CVE-2019-10132).
Arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
(CVE-2019-10161).
virDomainManagedSaveDefineXML API exposed to readonly clients
(CVE-2019-10166).
Arbitrary command execution via virConnectGetDomainCapabilities API
(CVE-2019-10167).
Arbitrary command execution via virConnectBaselineHypervisorCPU and
virConnectCompareHypervisorCPU APIs (CVE-2019-10168).
Also, this update contains the libvirt adjustments, that pass through
the new 'md-clear' CPU flag, to help address Intel CPU speculative
execution flaws.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libvirt | 0 (affected), 5.5.0-1.mga7 (unaffected) | — |
| Mageia | python-libvirt | 0 (affected), 5.5.0-1.mga7 (unaffected) | — |
References
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.