Vulnerability Details CVE-2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.9%
CVSS Severity
CVSS v2 Score 4.4
References
- http://libvirt.org/news.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-1
- http://ubuntu.com/usn/usn-1008-2
- http://ubuntu.com/usn/usn-1008-3
- http://www.vupen.com/english/advisories/2010/2763
- https://bugzilla.redhat.com/show_bug.cgi?id=607810
- http://libvirt.org/news.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-1
- http://ubuntu.com/usn/usn-1008-2
- http://ubuntu.com/usn/usn-1008-3
- http://www.vupen.com/english/advisories/2010/2763
- https://bugzilla.redhat.com/show_bug.cgi?id=607810
Products affected by CVE-2010-2237
-
cpe:2.3:a:libvirt:libvirt:0.6.1
-
cpe:2.3:a:libvirt:libvirt:0.6.2
-
cpe:2.3:a:libvirt:libvirt:0.6.3
-
cpe:2.3:a:libvirt:libvirt:0.6.4
-
cpe:2.3:a:libvirt:libvirt:0.6.5
-
cpe:2.3:a:libvirt:libvirt:0.7.0
-
cpe:2.3:a:libvirt:libvirt:0.7.1
-
cpe:2.3:a:libvirt:libvirt:0.7.2
-
cpe:2.3:a:libvirt:libvirt:0.7.3
-
cpe:2.3:a:libvirt:libvirt:0.7.4
-
cpe:2.3:a:libvirt:libvirt:0.7.5
-
cpe:2.3:a:libvirt:libvirt:0.7.6
-
cpe:2.3:a:libvirt:libvirt:0.7.7
-
cpe:2.3:a:libvirt:libvirt:0.8.0
-
cpe:2.3:a:libvirt:libvirt:0.8.1
-
cpe:2.3:a:libvirt:libvirt:0.8.2