All errata/sisyphus_loongarch64/ALT-PU-2025-15626-1
ALT-PU-2025-15626-1

Package update libvirt in branch sisyphus_loongarch64

Version11.10.0-alt1
Task#0
Published2025-12-09
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2025-12748
MEDIUM5.5

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Published: 2025-11-11Modified: 2026-05-19
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2025-13193
MEDIUM5.5

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Published: 2025-11-17Modified: 2026-04-14
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References