CVE-2010-2237
Published: 19 August 2010
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Notes
| Author | Note |
|---|---|
| jdstrand | AppArmor 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libvirt Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Released
(0.7.5-5ubuntu27.5)
|
|
| maverick |
Released
(0.8.3-1ubuntu8)
|
|
| upstream |
Released
(0.8.3-1)
|
|
| This vulnerability is mitigated in part by an AppArmor profile. | ||