[Pkg-libvirt-maintainers] Bug#1120584: Bug#1120584: libvirt: CVE-2025-12748

Andrea Bolognani eof at kiyuko.org
Thu Nov 13 23:30:00 GMT 2025 

Control: tags -1 upstream fixed-upstream
Control: found -1 libvirt/11.3.0-3

On Wed, Nov 12, 2025 at 08:14:46PM +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for libvirt.
> 
> CVE-2025-12748[0]:
> | A flaw was discovered in libvirt in the XML file processing. More
> | specifically, the parsing of user provided XML files was performed
> | before the ACL checks. A malicious user with limited permissions
> | could exploit this flaw by submitting a specially crafted XML file,
> | causing libvirt to allocate too much memory on the host. The
> | excessive memory consumption could lead to a libvirt process crash
> | on the host, resulting in a denial-of-service condition.
> 
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2025-12748
>     https://www.cve.org/CVERecord?id=CVE-2025-12748
> [1] https://gitlab.com/libvirt/libvirt/-/issues/825
> 
> Please adjust the affected versions in the BTS as needed.

Fixed upstream with the following commits:

  2a326c415a qemu: Check ACLs before parsing the whole domain XML
  eb4322dfe8 ch: Check ACLs before parsing the whole domain XML
  7285c10a7e vz: Check ACLs before parsing the whole domain XML
  a6dcfee896 lxc: Check ACLs before parsing the whole domain XML
  a1f48bca07 libxl: Check ACLs before parsing the whole domain XML
  b45f10bc0a bhyve: Check ACLs before parsing the whole domain XML
  e6de1e43ab conf: Add virDomainDefIDsParseString

I'm going to prepare a backport targeting both sid and stable, fixing
both this and #1120119, in the next few days.

Will the Security Team take care of oldstable and oldoldstable?

Thanks.

-- 
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20251114/47e7d293/attachment.sig>

More information about the Pkg-libvirt-maintainers mailing list