CVE-2010-2237 — Libvirt vulnerability

CWE-2649 documents8 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 78.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Libvirt

Timeline

PublishedAug 19

Latest updateMay 17

Description

Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

CVSS vector

AV:L/AC:M/C:C/I:N/A:NExploitability: 2.7 | Impact: 6.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.8.3-1+3

▶NVDlibvirt/libvirt16 versions+15

🔴Vulnerability Details

GHSA

GHSA-prh8-gm5f-24xq: Red Hat libvirt, possibly 0↗2022-05-17

▶

OSV

CVE-2010-2237: Red Hat libvirt, possibly 0↗2010-08-19

▶

CVEList

CVE-2010-2237: Red Hat libvirt, possibly 0↗2010-08-19

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2010-10-21

▶

Red Hat

libvirt: ignoring defined main disk format when looking up disk backing stores↗2010-07-12

▶

Debian

CVE-2010-2237: libvirt - Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores with...↗2010

▶

💬Community

Bugzilla

CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 libvirt various flaws [fedora-all]↗2010-07-12

▶

Bugzilla

CVE-2010-2237 libvirt: ignoring defined main disk format when looking up disk backing stores↗2010-06-24

▶