CVE-2010-2238
Publication date 19 August 2010
Last updated 24 July 2024
Ubuntu priority
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Status
Package | Ubuntu Release | Status |
---|---|---|
libvirt | 10.10 maverick |
Fixed 0.8.3-1ubuntu8
|
10.04 LTS lucid |
Fixed 0.7.5-5ubuntu27.5
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Not in release |
Notes
jdstrand
AppArmor in Ubuntu 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores the changes for CVE-2010-2238 introduced LP: #665531. Upstream has stated that ”<driver name=‘qemu’ type=‘host_device’/>” was only accidentally supported and that they do not intend to fix it. Since this used to work on 10.04 LTS and a number of people were affected, a fix will be issued for 10.04 LTS only. Libvirt 0.8.3 (in Ubuntu 10.10) will not support specifying type=‘host_device’. The discussion can be seen on the libvirt mailing.
References
Related Ubuntu Security Notices (USN)
- USN-1008-1
- libvirt vulnerabilities
- 21 October 2010