CVE-2019-10132 in libvirt
Summary
by MITRE
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
Analysis
by VulDB Data Team • 11/23/2025
The vulnerability identified as CVE-2019-10132 represents a critical access control flaw within the libvirt virtualization management framework affecting versions 4.1.0 and later. This issue resides in the systemd socket units responsible for managing administrative communication channels with the virtlockd and virtlogd daemons. The root cause is the absence of a SocketMode configuration parameter in the systemd unit files, which leaves a gap that allows unauthorized local users to establish administrative connections to these critical virtualization services.
The vulnerability arises from the default socket behavior in systemd, where sockets are created with permissive permissions when SocketMode is not explicitly defined. When the virtlockd-admin.socket and virtlogd-admin.socket units are configured without explicit SocketMode settings, they inherit default permissions that permit any user on the host system to connect to these administrative endpoints. This misconfiguration effectively bypasses the intended authentication and authorization mechanisms that should restrict administrative access to these services to only privileged users or specific administrative processes.
The operational impact of this vulnerability extends beyond simple privilege escalation as it enables attackers to perform arbitrary administrative operations against running virtualization daemons. An attacker with local access can leverage this vulnerability to manipulate virtual machine lock management, potentially causing denial of service conditions, or access sensitive logging information that may contain confidential data from virtualized environments. The implications are particularly severe in multi-tenant environments where multiple users share the same host system, as the vulnerability allows unprivileged users to potentially disrupt or compromise other virtual machines managed by the same libvirt instance.
This vulnerability aligns with CWE-276, which addresses improper privileges, and represents a classic case of insufficient access control in system services. From an adversarial perspective, this flaw maps to ATT&CK technique T1068, which involves exploiting legitimate credentials and privileges to gain unauthorized access to systems. The attack vector requires local system access but does not necessitate network connectivity or specialized tools, making it particularly dangerous as it can be exploited by any local user with basic system privileges. Organizations using libvirt in production environments should consider this vulnerability as a high-priority remediation item, especially in environments where multiple users share administrative access to the same host systems.
The recommended mitigation strategy involves explicitly configuring SocketMode parameters in the systemd unit files for both virtlockd-admin.socket and virtlogd-admin.socket. Administrators should set appropriate socket permissions that restrict access to only authorized users or groups, typically requiring root privileges or specific administrative membership. The fix requires modifying the systemd unit files to include SocketMode=0600 or similar restrictive permissions, ensuring that only processes with appropriate privileges can establish connections to these administrative endpoints. Regular security audits of systemd unit configurations should be implemented to prevent similar misconfigurations from occurring in other services within the virtualization stack.
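One way to run the unit-file audit suggested above, shown as an added example that is not part of the original advisory or of libvirt: it parses the [Socket] section of a .socket unit and reports filesystem sockets whose effective mode lets any local user connect. The function names, the sample unit text and the /run/libvirt/ paths are assumptions made for illustration.

```python
import stat

# systemd.socket(5): SocketMode= defaults to 0666 when the unit does not set it.
SYSTEMD_DEFAULT_SOCKET_MODE = 0o666

def parse_socket_section(unit_text):
    """Return (filesystem socket paths, SocketMode or None) from [Socket]."""
    section, paths, mode = None, [], None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Socket" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ListenStream" and value.startswith("/"):
                paths.append(value)      # AF_UNIX socket in the filesystem
            elif key == "SocketMode" and value:
                mode = int(value, 8)     # a later assignment overrides an earlier one
    return paths, mode

def audit_unit(name, unit_text):
    """List sockets any local user could connect to, with the effective mode."""
    paths, mode = parse_socket_section(unit_text)
    effective = SYSTEMD_DEFAULT_SOCKET_MODE if mode is None else mode
    # On Linux, connect() to a pathname socket needs write permission on it.
    if not effective & stat.S_IWOTH:
        return []
    reason = "SocketMode not set" if mode is None else "SocketMode is world-writable"
    return [(name, path, oct(effective), reason) for path in paths]

# Constructed sample units; the /run/libvirt/ paths are assumed for illustration.
UNSET = """[Socket]
ListenStream=/run/libvirt/virtlockd-admin-sock
Service=virtlockd.service
"""
RESTRICTED = UNSET + "SocketMode=0600\n"
# A drop-in is parsed after the main unit, so appending its text models it.
WITH_DROPIN = UNSET + "\n[Socket]\nSocketMode=0600\n"

if __name__ == "__main__":
    for label, text in [("unset", UNSET), ("restricted", RESTRICTED), ("drop-in", WITH_DROPIN)]:
        print(label, audit_unit("virtlockd-admin.socket", text))
```

The check looks only at the socket's own mode; permissions on the parent directory also gate access and are not evaluated here.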