CVE-2010-2239 — Libvirt vulnerability

CWE-2649 documents8 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 74.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Libvirt

Timeline

PublishedAug 19

Latest updateMay 17

Description

Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.

CVSS vector

AV:L/AC:M/C:C/I:N/A:NExploitability: 2.7 | Impact: 6.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.8.3-1+3

▶NVDlibvirt/libvirt17 versions+16

🔴Vulnerability Details

GHSA

GHSA-9w2j-rv9v-ph7h: Red Hat libvirt, possibly 0↗2022-05-17

▶

OSV

CVE-2010-2239: Red Hat libvirt, possibly 0↗2010-08-19

▶

CVEList

CVE-2010-2239: Red Hat libvirt, possibly 0↗2010-08-19

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2010-10-21

▶

Red Hat

libvirt: not setting user defined backing store format when creating new image↗2010-07-12

▶

Debian

CVE-2010-2239: libvirt - Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without settin...↗2010

▶

💬Community

Bugzilla

CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 libvirt various flaws [fedora-all]↗2010-07-12

▶

Bugzilla

CVE-2010-2239 libvirt: not setting user defined backing store format when creating new image↗2010-06-24

▶