Libvirt · Libvirt · CVE-2019-10132
**Name of the Vulnerable Software and Affected Versions**
libvirt versions 4.1.0 and later
**Description**
A vulnerability was found in the virtlockd-admin.socket and virtlogd-admin.socket systemd units of libvirt. The units lack a SocketMode configuration parameter, so any user on the host can connect to virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. This could allow an attacker to elevate their privileges.
**Recommendations**
For libvirt versions 4.1.0 and later, consider adding the SocketMode configuration parameter to the virtlockd-admin.socket and virtlogd-admin.socket systemd units to restrict access. As a temporary workaround, consider restricting access to the virtlockd-admin-sock and virtlogd-admin-sock sockets to minimize the risk of exploitation.
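The check below is an added example, not code from libvirt or from this advisory: it reads socket unit text and reports whether the effective SocketMode lets users other than the owner connect. It relies on systemd's documented default of 0666 when SocketMode is unset; the sample unit, its path and the owner-only value 0600 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not libvirt's code): find socket units whose effective
# SocketMode lets non-owners connect. systemd uses 0666 when it is unset.

# Read unit text (files in load order, or stdin such as `systemctl cat UNIT`)
# and print the effective SocketMode; the last assignment in [Socket] wins.
effective_socket_mode() {
    awk '
        /^\[/ { in_socket = ($0 ~ /^\[Socket\][ \t]*$/); next }
        in_socket && /^[ \t]*SocketMode[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print (mode == "" ? "0666" : mode) }
    ' "$@"
}

# Succeed only when the octal mode grants nothing to group or other.
mode_is_owner_only() {
    case "$1" in ''|*[!0-7]*) return 2 ;; esac
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# Constructed sample: a socket unit with no SocketMode line (hypothetical path).
sample_unit() {
    printf '%s\n' '[Unit]' 'Description=Constructed admin socket' \
        '[Socket]' 'ListenStream=/run/example/admin-sock' \
        '[Install]' 'WantedBy=sockets.target'
}

# Drop-in body that restricts the socket to its owner (0600 is an assumed value).
dropin_body() {
    printf '%s\n' '[Socket]' 'SocketMode=0600'
}

# Audit unit text on stdin; $1 is a label for the report line.
audit_unit() {
    mode=$(effective_socket_mode)
    if mode_is_owner_only "$mode"; then
        echo "OK   $1 SocketMode=$mode"
    else
        echo "OPEN $1 SocketMode=$mode"; return 1
    fi
}

# On a host: systemctl cat virtlockd-admin.socket | audit_unit virtlockd-admin.socket
```

A drop-in only takes effect after `systemctl daemon-reload` and a restart of the socket unit, so re-run the audit afterwards.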