CVE-2017-15114

Name of the Vulnerable Software and Affected Versions libvirtd (affected versions not specified)

Description The issue arises when libvirtd is configured to use the TLS transport, and it defaults to the same certificate authority as other non-libvirtd services. Since no additional authentication is configured, these services can connect to libvirtd, which is equivalent to gaining root access. If a vulnerability exists in another service, it could be exploited in combination with this flaw to escalate privileges and gain control over compute nodes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.