7.5 High
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:C/I:N/A:N
0.022 Low
EPSS
Percentile
89.4%
It was discovered that libvirt did not use thread-safe error reporting. A
remote attacker could exploit this to cause a denial of service via
application crash. (CVE-2011-1486)
Eric Blake discovered that libvirt had an off-by-one error which could
be used to reopen disk probing and bypass the fix for CVE-2010-2238. A
privileged attacker in the guest could exploit this to read arbitrary files
on the host. This issue only affected Ubuntu 11.04. By default, guests are
confined by an AppArmor profile which provided partial protection against
this flaw. (CVE-2011-2178)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.04 | noarch | libvirt0 | < 0.8.8-1ubuntu6.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | libvirt-bin | < 0.8.8-1ubuntu6.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | libvirt-dev | < 0.8.8-1ubuntu6.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | libvirt0-dbg | < 0.8.8-1ubuntu6.2 | UNKNOWN |
Ubuntu | 11.04 | noarch | python-libvirt | < 0.8.8-1ubuntu6.2 | UNKNOWN |
Ubuntu | 10.10 | noarch | libvirt0 | < 0.8.3-1ubuntu18 | UNKNOWN |
Ubuntu | 10.10 | noarch | libvirt-bin | < 0.8.3-1ubuntu18 | UNKNOWN |
Ubuntu | 10.10 | noarch | libvirt-dev | < 0.8.3-1ubuntu18 | UNKNOWN |
Ubuntu | 10.10 | noarch | libvirt0-dbg | < 0.8.3-1ubuntu18 | UNKNOWN |
Ubuntu | 10.10 | noarch | python-libvirt | < 0.8.3-1ubuntu18 | UNKNOWN |