CVE-2010-2238
EPSS 0.07%
Description
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
How to fix CVE-2010-2238
To remediate CVE-2010-2238, upgrade the affected package to the fixed version listed below.
- Debian/libvirt: upgrade to 0.8.3-1 or later
Is CVE-2010-2238 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libvirt: from 0, < 0.8.3-1