CVE-2010-2238

EUVD-2010-2250
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:S/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
libvirtlibvirt
0.7.2
libvirtlibvirt
0.7.3
libvirtlibvirt
0.7.4
libvirtlibvirt
0.7.5
libvirtlibvirt
0.7.6
libvirtlibvirt
0.7.7
libvirtlibvirt
0.8.0
libvirtlibvirt
0.8.1
libvirtlibvirt
0.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
lenny
not-affected
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
dapper
dne
hardy
not-affected
jaunty
not-affected
karmic
not-affected
lucid
Fixed 0.7.5-5ubuntu27.5
released
maverick
Fixed 0.8.3-1ubuntu8
released
Common Weakness Enumeration
References
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.vupen.com/english/advisories/2010/2763
https://bugzilla.redhat.com/show_bug.cgi?id=607811
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.vupen.com/english/advisories/2010/2763
https://bugzilla.redhat.com/show_bug.cgi?id=607811