Vulnerability Details: CVE-2010-2238
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2010-2238
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 %
CVSS scores for CVE-2010-2238
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:S/C:C/I:N/A:N | 2.7 | 6.9 | NIST |
CWE ids for CVE-2010-2238
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2238
-
http://www.vupen.com/english/advisories/2010/2763
-
https://bugzilla.redhat.com/show_bug.cgi?id=607811
607811 – (CVE-2010-2238) CVE-2010-2238 libvirt: ignoring defined disk backing store format when recursing into disk image backing stores
-
http://ubuntu.com/usn/usn-1008-1
USN-1008-1: libvirt vulnerabilities | Ubuntu security notices
-
http://ubuntu.com/usn/usn-1008-3
USN-1008-3: libvirt update | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
[SECURITY] Fedora 13 Update: libvirt-0.8.2-1.fc13
-
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:017
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
[SECURITY] Fedora 12 Update: libvirt-0.8.2-1.fc12
-
http://libvirt.org/news.html
libvirt: Releases (Vendor Advisory)
-
http://ubuntu.com/usn/usn-1008-2
USN-1008-2: Virtinst update | Ubuntu security notices
Products affected by CVE-2010-2238
- cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*