CVE 2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Related bugs and status
CVE-2010-2237 (Candidate) is related to these bugs:
Bug #578527: map serial port throws "chardev: opening backend "tty" failed"
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu) | Low | Fix Released | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt | Medium | Won't Fix | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu Lucid) | Low | Won't Fix | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu Maverick) | Low | Fix Released | ||
Bug #585964: VMs won't start after purging apparmor
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 585964 | VMs won't start after purging apparmor | libvirt (Ubuntu) | Low | Fix Released | ||
Bug #588369: can't disable AppArmor via qemu.conf
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 588369 | can't disable AppArmor via qemu.conf | libvirt (Ubuntu) | Low | Fix Released | ||
Bug #609055: problems with using parallel port
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 609055 | problems with using parallel port | libvirt (Ubuntu) | Undecided | Fix Released | ||
Bug #613549: does not support cloning vm storage on lvm backend
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 613549 | does not support cloning vm storage on lvm backend | libvirt (Ubuntu) | Low | Fix Released | ||
| 613549 | does not support cloning vm storage on lvm backend | virt-manager (Ubuntu) | Undecided | Invalid | ||
Bug #656173: libvirt no longer probes chained backing stores
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 656173 | libvirt no longer probes chained backing stores | libvirt (Ubuntu) | Undecided | Won't Fix | ||
| 656173 | libvirt no longer probes chained backing stores | Release Notes for Ubuntu | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
