CVE-2008-5086

Description

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

How to fix CVE-2008-5086

To remediate CVE-2008-5086, upgrade the affected package to a fixed version below.

• Debian/libvirt—upgrade to 0.4.6-10 or later

Is CVE-2008-5086 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.4.6-10

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5086