CVE-2010-2238 : Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined di

Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Published 2010-08-19 18:00:03

Updated 2010-10-30 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-2238

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2238

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:S/C:C/I:N/A:N	2.7	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

CWE ids for CVE-2010-2238

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2238

http://www.vupen.com/english/advisories/2010/2763

Webmail | OVH- OVH

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=607811

607811 – (CVE-2010-2238) CVE-2010-2238 libvirt: ignoring defined disk backing store format when recursing into disk image backing stores
http://ubuntu.com/usn/usn-1008-1

USN-1008-1: libvirt vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://ubuntu.com/usn/usn-1008-3

USN-1008-3: libvirt update | Ubuntu security notices

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html

[SECURITY] Fedora 13 Update: libvirt-0.8.2-1.fc13

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:017

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html

[SECURITY] Fedora 12 Update: libvirt-0.8.2-1.fc12

CVEs referencing this url
http://libvirt.org/news.html

libvirt: Releases
Vendor Advisory

CVEs referencing this url
http://ubuntu.com/usn/usn-1008-2

USN-1008-2: Virtinst update | Ubuntu security notices

CVEs referencing this url

Products affected by CVE-2010-2238

Libvirt » Libvirt » Version: 0.7.5
cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.7.3
cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.7.4
cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.7.7
cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.8.0
cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.7.6
cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.7.2
cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.8.1
cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*
Matching versions
Libvirt » Libvirt » Version: 0.8.2
cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2238

Exploit prediction scoring system (EPSS) score for CVE-2010-2238

CVSS scores for CVE-2010-2238

CWE ids for CVE-2010-2238

References for CVE-2010-2238

Products affected by CVE-2010-2238