suse · CVE-2019-10166

Quick triage

Priority: high Published: 2021-05-30 14:26:43 UTC Updated: 2026-03-05 06:20:14 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-10166 severity important: SUSE including 935 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1292 product×package rows across 53 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 7, … (53 product lines)): Fixed 848, Known Affected 231, Known Not Affected 213.

Description:

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

cvelogic Threat Intelligence