CVE 2010-2238
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Related bugs and status
CVE-2010-2238 (Candidate) is related to these bugs:
Bug #578527: map serial port throws "chardev: opening backend "tty" failed"
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu) | Low | Fix Released | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt | Medium | Won't Fix | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu Lucid) | Low | Won't Fix | ||
| 578527 | map serial port throws "chardev: opening backend "tty" failed" | libvirt (Ubuntu Maverick) | Low | Fix Released | ||
Bug #585964: VMs won't start after purging apparmor
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 585964 | VMs won't start after purging apparmor | libvirt (Ubuntu) | Low | Fix Released | ||
Bug #588369: can't disable AppArmor via qemu.conf
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 588369 | can't disable AppArmor via qemu.conf | libvirt (Ubuntu) | Low | Fix Released | ||
Bug #609055: problems with using parallel port
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 609055 | problems with using parallel port | libvirt (Ubuntu) | Undecided | Fix Released | ||
Bug #613549: does not support cloning vm storage on lvm backend
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 613549 | does not support cloning vm storage on lvm backend | libvirt (Ubuntu) | Low | Fix Released | ||
| 613549 | does not support cloning vm storage on lvm backend | virt-manager (Ubuntu) | Undecided | Invalid | ||
Bug #656173: libvirt no longer probes chained backing stores
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 656173 | libvirt no longer probes chained backing stores | libvirt (Ubuntu) | Undecided | Won't Fix | ||
| 656173 | libvirt no longer probes chained backing stores | Release Notes for Ubuntu | Undecided | Fix Released | ||
Bug #795800: virsh save fails on oneiric when the apparmor security driver is enabled
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 795800 | virsh save fails on oneiric when the apparmor security driver is enabled | libvirt (Ubuntu) | High | Fix Released | ||
| 795800 | virsh save fails on oneiric when the apparmor security driver is enabled | libvirt (Ubuntu Oneiric) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
