Red Hat · Libvirt-Devel · CVE-2014-3633
**Name of the Vulnerable Software and Affected Versions**
libvirt versions prior to 1.2.9
libvirt-client version 0.10.2
libvirt-devel version 0.10.2
libvirt-debuginfo version 0.10.2
libvirt-python version 0.10.2
**Description**
The issue affects the confidentiality, integrity, and availability of protected information. It lies in the `qemuDomainGetBlockIoTune` function in `qemu/qemu_driver.c`, which allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted `blkiotune` query. The query triggers an out-of-bounds read when a disk has been hot-plugged into, or removed from, the live configuration, so that the live and persistent disk lists no longer line up.
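As an added illustration (a constructed model, not libvirt's code), the index-reuse pattern that produces this kind of out-of-bounds read, shown beside a lookup that resolves the disk name against each definition separately; the struct and field names and the `query` helper are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of the bug class behind CVE-2014-3633 (not libvirt's code):
 * a live and a persistent disk list diverge after hot-plug, and a by-name
 * lookup done on the live list is reused as an index into the persistent one. */
#define MAX_DISKS 8
typedef struct {
    const char *dst;                     /* target name, e.g. "vda" */
    unsigned long long total_bytes_sec;  /* one blkiotune field */
} disk_def;
typedef struct {
    disk_def disks[MAX_DISKS];
    size_t ndisks;                       /* logical length; slots past it are stale */
} domain_def;
/* Index of the disk named dst in def, or -1 if absent. */
static int disk_index_by_name(const domain_def *def, const char *dst) {
    for (size_t i = 0; i < def->ndisks; i++)
        if (strcmp(def->disks[i].dst, dst) == 0)
            return (int)i;
    return -1;
}
/* Vulnerable pattern: idx comes from the live list but indexes the persistent
 * list, whose ndisks may be smaller, so the read lands past its logical end. */
static int get_tune_unsafe(const domain_def *live, const domain_def *persistent,
                           const char *dst, unsigned long long *out) {
    int idx = disk_index_by_name(live, dst);
    if (idx < 0) return -1;
    *out = persistent->disks[idx].total_bytes_sec;  /* no check against persistent->ndisks */
    return 0;
}
/* Hardened pattern: resolve the name against each definition separately and
 * refuse when the disk has no entry in the list being read. */
static int get_tune_safe(const domain_def *live, const domain_def *persistent,
                         const char *dst, unsigned long long *out) {
    int pidx;
    if (disk_index_by_name(live, dst) < 0 ||
        (pidx = disk_index_by_name(persistent, dst)) < 0)
        return -1;  /* absent from live, or hot-plugged with no persistent entry */
    *out = persistent->disks[pidx].total_bytes_sec;
    return 0;
}
/* Constructed scenario: "vdb" hot-plugged into the live config only; the persistent
 * list holds one disk and slot 1 is stale. Returns the value read, or -1 if refused. */
static long long query(int use_safe, const char *dst) {
    domain_def live = { .disks = { {"vda", 1000}, {"vdb", 2000} }, .ndisks = 2 };
    domain_def persistent = { .disks = { {"vda", 1000}, {"stale", 0xdead} }, .ndisks = 1 };
    unsigned long long v = 0;
    int rc = use_safe ? get_tune_safe(&live, &persistent, dst, &v)
                      : get_tune_unsafe(&live, &persistent, dst, &v);
    return rc == 0 ? (long long)v : -1;
}
```

The fixed-size array keeps the model's stale read inside the struct; in a heap-allocated list of exactly `ndisks` entries the same index lands outside the allocation, which is the heap disclosure or crash the advisory describes.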
**Recommendations**
For libvirt versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue.
For libvirt-client version 0.10.2, consider disabling the `qemuDomainGetBlockIoTune` function as a temporary workaround until a patch is available.
For libvirt-devel version 0.10.2, restrict access to the `qemu/qemu_driver.c` module to minimize the risk of exploitation.
For libvirt-debuginfo version 0.10.2, avoid using the `blkiotune` query in the affected API endpoint until the issue is resolved.
For libvirt-python version 0.10.2, consider disabling the `qemuDomainGetBlockIoTune` function as a temporary workaround until a patch is available.