CVE-2010-2238
Published: 19 August 2010
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Notes
Author | Note |
---|---|
jdstrand | AppArmor in Ubuntu 10.04 should mostly protect the host OS, but an attacker in a virtual machine may be able to access files of another machine. upstream patch is highly intrusive, needs rewriting for all affected releases, requires a conffile change and a migration helper. Ubuntu 10.04 LTS is the first release to probe the backing stores the changes for CVE-2010-2238 introduced LP: #665531. Upstream has stated that "<driver name='qemu' type='host_device'/>" was only accidentally supported and that they do not intend to fix it. Since this used to work on 10.04 LTS and a number of people were affected, a fix will be issued for 10.04 LTS only. Libvirt 0.8.3 (in Ubuntu 10.10) will not support specifying type='host_device'. The discussion can be seen on the libvirt mailing. |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
upstream |
Released
(0.8.3-1)
|
dapper |
Does not exist
|
|
hardy |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Released
(0.7.5-5ubuntu27.5)
|
|
maverick |
Released
(0.8.3-1ubuntu8)
|
|
This vulnerability is mitigated in part by an AppArmor profile. |