
CVE-2011-2178

2011-08-10 20:55:01
redhat
web.nvd.nist.gov
cve-2011-2178
libvirt security vulnerability
arbitrary file read
host os
guest os

CVSS2: 4.4 (AV:L/AC:M/Au:S/C:C/I:N/A:N)

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

AI Score: 6.4
Confidence: Low

EPSS: 0.001
Percentile: 26.5%

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of “security manager private data” that “reopens disk probing” and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.

Affected configurations

Nvd
Node: redhat libvirt Match 0.8.8 OR redhat libvirt Match 0.9.0 OR redhat libvirt Match 0.9.1

Vendor    Product    Version    CPE
redhat    libvirt    0.8.8      cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
redhat    libvirt    0.9.0      cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
redhat    libvirt    0.9.1      cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
