Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-2238

Published: 19 August 2010

Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Notes

AuthorNote
jdstrand
AppArmor in Ubuntu 10.04 should mostly protect the host OS, but
an attacker in a virtual machine may be able to access files of another
machine.
upstream patch is highly intrusive, needs rewriting for all affected
releases, requires a conffile change and a migration helper.
Ubuntu 10.04 LTS is the first release to probe the backing stores
the changes for CVE-2010-2238 introduced LP: #665531. Upstream has
stated that "<driver name='qemu' type='host_device'/>" was only accidentally
supported and that they do not intend to fix it. Since this used to work on
10.04 LTS and a number of people were affected, a fix will be issued for
10.04 LTS only. Libvirt 0.8.3 (in Ubuntu 10.10) will not support specifying
type='host_device'. The discussion can be seen on the libvirt mailing.

Priority

Low

Status

Package Release Status
libvirt
Launchpad, Ubuntu, Debian
upstream
Released (0.8.3-1)
dapper Does not exist

hardy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid
Released (0.7.5-5ubuntu27.5)
maverick
Released (0.8.3-1ubuntu8)
This vulnerability is mitigated in part by an AppArmor profile.