ALT-PU-2025-15626-1

Обновление пакета libvirt в ветке sisyphus_loongarch64

Версия11.10.0-alt1

Задание#0

Опубликовано2025-12-09

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (2)

MEDIUM5.5

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

Опубликовано: 2025-11-11Изменено: 2026-05-19

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

MEDIUM5.5

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Опубликовано: 2025-11-17Изменено: 2026-04-14

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ссылки