Libvirt Security Notice: LSN-2010-0001 ====================================== Summary: Ignoring main disk format when looking up disk backing stores Reported on: 20100615 Published on: 20100712 Fixed on: 20100719 Reported by: Daniel Berrange Patched by: Daniel Berrange See also: CVE-2010-2237 Description ----------- Prior to starting a guest, or when hotplugging or unplugging a device the libvirt SELinux, DAC and CGroups security drivers need to determine full file chain associated with a disk image. This is done by traversing backing file formats referenced in the disk headers. The code did not, however, honour the disk format recorded in disk XML configuration, when reading disk images so a raw file could be mis-identifed as another type of file. Impact ------ The SELinux, DAC and CGroups code was not honouring disk formats so could be tricked into giving the VM access to files that were otherwise not permitted by its configuration. This can be done by taking what was expected to be a raw disks file and writing a qcow2 header into it. Workaround ---------- Do not use any raw disk images. Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v0.7.2 Broken in: v0.7.3 Broken in: v0.7.4 Broken in: v0.7.5 Broken in: v0.7.6 Broken in: v0.7.7 Broken in: v0.8.0 Broken in: v0.8.1 Broken in: v0.8.2 Fixed in: v0.8.3 Broken by: fe627697a3830cd2db0efcc201d8caa9e171263d Broken by: 15f5eaa09895d68b849a0b0ec458acdafe75d080 Broken by: 117d04fb1d388df700cc37c4d2a68189fab280c0 Fixed by: 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0