VDB

ALPINE-CVE-2018-10472

ALPINE-CVE-2018-10472 PUBLISHED CVSS 5.599999904632568 MEDIUM

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

Risk Scores

CVSS 3.0
5.599999904632568
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.17xen4.2.1-r5, 0, 4.9.1-r3
Alpine:v3.6xen4.8.3-r0, 0, 0
Alpine:v3.19xen4.3.0-r3, 4.0.1-r1, 4.0.1-r2
Alpine:v3.9xen4.0.1-r1, 0, 4.0.1-r0
Alpine:v3.22xen4.2.1-r6, 0, 0
Alpine:v3.23xen4.9.1-r2, 0, 0
Alpine:v3.21xen4.7.1-r0, 0, 0
Alpine:v3.16xen4.1.0-r2, 4.1.1-r0, 4.1.1-r1
Alpine:v3.8xen4.1.0-r1, 0, 4.9.1-r3
Alpine:v3.18xen4.2.0-r7, 4.2.1-r0, 4.2.1-r10
Alpine:v3.7xen4.1.0-r1, 0, 0
Alpine:v3.15xen4.2.1-r3, 0, 4.2.1-r2
Alpine:v3.20xen4.3.2-r3, 4.0.1-r0, 4.0.1-r1
Alpine:v3.13xen4.0.1-r0, 4.0.1-r0, 4.0.1-r2
Alpine:v3.11xen0, 0, 4.9.1-r3
Alpine:v3.14xen4.2.0-r4, 4.8.1-r1, 4.0.1-r0
Alpine:v3.4xen4.5.1-r1, 0, 0
Alpine:v3.5xen4.5.1-r2, 4.5.1-r0, 4.5.0-r0
Alpine:v3.24xen0, 0
Alpine:v3.10xen4.4.1-r1, 4.9.1-r3, 4.9.1-r2

…and 1 more

Timeline

  • Apr 27, 2018 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›