PT-2010-3835 · Red Hat · Libvirt
Published: 2010-08-19 · Updated: 2010-10-30 · CVE-2010-2238
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat libvirt versions 0.7.2 through 0.8.2
Description
The issue allows guest OS users to potentially read arbitrary files on the host OS and may have other unspecified impacts. This is due to the software recursing into disk-image backing stores without properly extracting the defined disk backing-store format.
Recommendations
For versions 0.7.2 through 0.8.2, update to a version that properly handles disk-image backing stores to prevent unauthorized access to host OS files.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Libvirt