CVE-2010-2237: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS…

medium4.4CVSS 3.1

AVLACMAuSCCINAN

Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
debian	libvirt	< libvirt 0.8.3-1 (bookworm)	libvirt 0.8.3-1 (bookworm)
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
libvirt	libvirt	—	—
redhat	libvirt	>= 0 < 0.8.3-1	0.8.3-1
redhat	libvirt	>= 0 < 0.8.3-1	0.8.3-1
redhat	libvirt	>= 0 < 0.8.3-1	0.8.3-1
redhat	libvirt	>= 0 < 0.8.3-1	0.8.3-1

CVSS provenance

nvd4.4MEDIUMAV:L/AC:M/Au:S/C:C/I:N/A:N

osv4.4MEDIUM