CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:C/I:N/A:N
EPSS
Percentile
26.5%
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image
backing stores without extracting the defined disk backing-store format,
which might allow guest OS users to read arbitrary files on the host OS,
and possibly have unspecified other impact, via unknown vectors.
Author | Note |
---|---|
jdstrand | AppArmor in Ubuntu 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores the changes for CVE-2010-2238 introduced LP: #665531. Upstream has stated that “<driver name=‘qemu’ type=‘host_device’/>” was only accidentally supported and that they do not intend to fix it. Since this used to work on 10.04 LTS and a number of people were affected, a fix will be issued for 10.04 LTS only. Libvirt 0.8.3 (in Ubuntu 10.10) will not support specifying type=‘host_device’. The discussion can be seen on the libvirt mailing. |
launchpad.net/bugs/cve/CVE-2010-2238
nvd.nist.gov/vuln/detail/CVE-2010-2238
security-tracker.debian.org/tracker/CVE-2010-2238
ubuntu.com/security/notices/USN-1008-1
ubuntu.com/security/notices/USN-1008-4
www.cve.org/CVERecord?id=CVE-2010-2238
www.redhat.com/archives/libvir-list/2010-November/msg00276.html