CVE-2011-2178 | Date: (C)2011-08-10 (M)2023-12-22 |
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 4.4 |
Exploit Score: 2.7 |
Impact Score: 6.9 |
|
CVSS V2 Metrics: |
Access Vector: LOCAL |
Access Complexity: MEDIUM |
Authentication: SINGLE |
Confidentiality: COMPLETE |
Integrity: NONE |
Availability: NONE |
| |