CVE-2010-2238
First published: Thu Jun 24 2010(Updated: )
It was found that libvirt did not extract the defined disk backing store format when recursing into disk image backing stores in the security drivers. This could be possibly exploited by priviledged guest user to access arbitrary files on the host.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Libvirt | =0.7.3 | |
| Oracle Libvirt | =0.8.1 | |
| Oracle Libvirt | =0.8.0 | |
| Oracle Libvirt | =0.7.6 | |
| Oracle Libvirt | =0.7.4 | |
| Oracle Libvirt | =0.7.7 | |
| Oracle Libvirt | =0.7.5 | |
| Oracle Libvirt | =0.7.2 | |
| Oracle Libvirt | =0.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://libvirt.org/news.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- https://bugzilla.redhat.com/show_bug.cgi?id=607811
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-2
- http://ubuntu.com/usn/usn-1008-3
- http://ubuntu.com/usn/usn-1008-1
- http://www.vupen.com/english/advisories/2010/2763
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=613625
Frequently Asked Questions
What is the severity of CVE-2010-2238?
CVE-2010-2238 is classified as a high-severity vulnerability due to its potential to allow privileged guest users to access arbitrary files on the host system.
How do I fix CVE-2010-2238?
To mitigate CVE-2010-2238, you should upgrade libvirt to version 0.8.3 or later, which contains the necessary security patches.
What versions of libvirt are affected by CVE-2010-2238?
CVE-2010-2238 affects libvirt versions from 0.7.2 to 0.8.2.
Who can exploit CVE-2010-2238?
CVE-2010-2238 can potentially be exploited by privileged guest users within the virtualized environment.
What is the impact of CVE-2010-2238?
The impact of CVE-2010-2238 is that it allows unauthorized access to sensitive files on the host from a compromised virtual machine.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2238
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/libvirt
- canonical/oracle libvirt
- version/oracle libvirt/0.7.3
- version/oracle libvirt/0.8.1
- version/oracle libvirt/0.8.0
- version/oracle libvirt/0.7.6
- version/oracle libvirt/0.7.4
- version/oracle libvirt/0.7.7
- version/oracle libvirt/0.7.5
- version/oracle libvirt/0.7.2
- version/oracle libvirt/0.8.2