The virSecurityManagerGetPrivateData function in
security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong
argument for a sizeof call, which causes incorrect processing of "security
manager private data" that "reopens disk probing" and might allow guest OS
users to read arbitrary files on the host OS. NOTE: this vulnerability
exists because of a CVE-2010-2238 regression.
jdstrand> 0.8.8 through 0.9.1 are affected
Updated: 2015-10-17 03:36:33 UTC (commit 10086)