CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:L/AC:M/Au:S/C:C/I:N/A:N |

EPSS percentile: 26.5%

Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores
without referring to the user-defined main disk format, which might allow
guest OS users to read arbitrary files on the host OS, and possibly have
unspecified other impact, via unknown vectors.
Author | Note |
---|---|
jdstrand | AppArmor 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. Upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores. |