CVE-2019-3886

moderate-risk
Published 2019-04-04

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Do I need to act?

-
0.46% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Redhat Fedoraproject Opensuse

References (14)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
Third Party Advisory http://www.securityfocus.com/bid/107777
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:3723
Exploit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://usn.ubuntu.com/4021-1/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
Third Party Advisory http://www.securityfocus.com/bid/107777
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:3723
Exploit https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://usn.ubuntu.com/4021-1/
30
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 10/34 · Low