CVE-2010-2238 — Libvirt vulnerability

CWE-26414 documents9 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 78.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Libvirt

Timeline

PublishedAug 19

Latest updateMay 17

Description

Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

CVSS vector

AV:L/AC:M/C:C/I:N/A:NExploitability: 2.7 | Impact: 6.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.8.3-1+3

▶NVDlibvirt/libvirt9 versions+8

🔴Vulnerability Details

GHSA

GHSA-xvqx-w57v-q544: Red Hat libvirt, possibly 0↗2022-05-17

▶

OSV

CVE-2010-2238: Red Hat libvirt, possibly 0↗2010-08-19

▶

CVEList

CVE-2010-2238: Red Hat libvirt, possibly 0↗2010-08-19

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Whale Intelligent Application Gateway - ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶

📋Vendor Advisories

Red Hat

libvirt: regression introduced in disk probe logic↗2011-05-31

▶

Ubuntu

libvirt regression↗2010-11-08

▶

Ubuntu

libvirt vulnerabilities↗2010-10-21

▶

Red Hat

libvirt: ignoring defined disk backing store format when recursing into disk image backing stores↗2010-07-12

▶

Debian

CVE-2010-2238: libvirt - Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing ...↗2010

▶

💬Community

Bugzilla

CVE-2011-2178 libvirt: regression introduced in disk probe logic↗2011-06-01

▶

Bugzilla

CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]↗2011-06-01

▶

Bugzilla

CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 libvirt various flaws [fedora-all]↗2010-07-12

▶

Bugzilla

CVE-2010-2238 libvirt: ignoring defined disk backing store format when recursing into disk image backing stores↗2010-06-24

▶