VDB
ALPINE-CVE-2018-10472
ALPINE-CVE-2018-10472
PUBLISHED
CVSS 5.599999904632568 MEDIUM
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
Risk Scores
CVSS 3.0
5.599999904632568
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | xen | 4.2.1-r5, 0, 4.9.1-r3 |
| Alpine:v3.6 | xen | 4.8.3-r0, 0, 0 |
| Alpine:v3.19 | xen | 4.3.0-r3, 4.0.1-r1, 4.0.1-r2 |
| Alpine:v3.9 | xen | 4.0.1-r1, 0, 4.0.1-r0 |
| Alpine:v3.22 | xen | 4.2.1-r6, 0, 0 |
| Alpine:v3.23 | xen | 4.9.1-r2, 0, 0 |
| Alpine:v3.21 | xen | 4.7.1-r0, 0, 0 |
| Alpine:v3.16 | xen | 4.1.0-r2, 4.1.1-r0, 4.1.1-r1 |
| Alpine:v3.8 | xen | 4.1.0-r1, 0, 4.9.1-r3 |
| Alpine:v3.18 | xen | 4.2.0-r7, 4.2.1-r0, 4.2.1-r10 |
| Alpine:v3.7 | xen | 4.1.0-r1, 0, 0 |
| Alpine:v3.15 | xen | 4.2.1-r3, 0, 4.2.1-r2 |
| Alpine:v3.20 | xen | 4.3.2-r3, 4.0.1-r0, 4.0.1-r1 |
| Alpine:v3.13 | xen | 4.0.1-r0, 4.0.1-r0, 4.0.1-r2 |
| Alpine:v3.11 | xen | 0, 0, 4.9.1-r3 |
| Alpine:v3.14 | xen | 4.2.0-r4, 4.8.1-r1, 4.0.1-r0 |
| Alpine:v3.4 | xen | 4.5.1-r1, 0, 0 |
| Alpine:v3.5 | xen | 4.5.1-r2, 4.5.1-r0, 4.5.0-r0 |
| Alpine:v3.24 | xen | 0, 0 |
| Alpine:v3.10 | xen | 4.4.1-r1, 4.9.1-r3, 4.9.1-r2 |
…and 1 more
Timeline
- Apr 27, 2018 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated