CVE-2010-2242 [Low] | Security Bypass in Libvirt

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.06%	0.42%	+0.36%
2	2023-03-07	1.28%	0.06%	-1.22%
3	2023-02-13	—	1.28%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.06%

0.42%

+0.36%

2023-03-07

1.28%

0.06%

-1.22%

2023-02-13

—

1.28%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
2.1	2.0	LOW	`AV:L/AC:L/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.9	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

2.1

2.0

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.9

2.9

[email protected]

OS Trackers for CVE-2010-2242

vendor	priority	summary	link
`debian`	low	CVE-2010-2242 low priority: Debian including 1 source packages (libvirt), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2010-2242
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2010-2242
`suse`	low	CVE-2010-2242 severity low: SUSE including 342 source package names (libvirt-0.4.6-14.63.1, libvirt-0.7.6-1.12.2, …), 534 product×package rows across 37 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (37 product lines)): Fixed 534.	https://www.suse.com/security/cve/CVE-2010-2242/
`ubuntu`	low	CVE-2010-2242 low priority: Ubuntu including 1 source packages (libvirt), 7 status rows across 7 suites (dapper, hardy, jaunty, karmic, lucid, maverick, upstream): released 6, DNE 1.	https://ubuntu.com/security/CVE-2010-2242

Affected software / configurations for CVE-2010-2242

Vendor	Product	Version	Raw CPE
libvirt	libvirt	0.2.0	cpe:2.3:a:libvirt:libvirt:0.2.0:::::::*
libvirt	libvirt	0.2.1	cpe:2.3:a:libvirt:libvirt:0.2.1:::::::*
libvirt	libvirt	0.2.2	cpe:2.3:a:libvirt:libvirt:0.2.2:::::::*
libvirt	libvirt	0.2.3	cpe:2.3:a:libvirt:libvirt:0.2.3:::::::*
libvirt	libvirt	0.3.0	cpe:2.3:a:libvirt:libvirt:0.3.0:::::::*
libvirt	libvirt	0.3.1	cpe:2.3:a:libvirt:libvirt:0.3.1:::::::*
libvirt	libvirt	0.3.2	cpe:2.3:a:libvirt:libvirt:0.3.2:::::::*
libvirt	libvirt	0.3.3	cpe:2.3:a:libvirt:libvirt:0.3.3:::::::*
libvirt	libvirt	0.4.0	cpe:2.3:a:libvirt:libvirt:0.4.0:::::::*
libvirt	libvirt	0.4.1	cpe:2.3:a:libvirt:libvirt:0.4.1:::::::*
libvirt	libvirt	0.4.2	cpe:2.3:a:libvirt:libvirt:0.4.2:::::::*
libvirt	libvirt	0.4.3	cpe:2.3:a:libvirt:libvirt:0.4.3:::::::*
libvirt	libvirt	0.4.4	cpe:2.3:a:libvirt:libvirt:0.4.4:::::::*
libvirt	libvirt	0.4.6	cpe:2.3:a:libvirt:libvirt:0.4.6:::::::*
libvirt	libvirt	0.5.0	cpe:2.3:a:libvirt:libvirt:0.5.0:::::::*
libvirt	libvirt	0.5.1	cpe:2.3:a:libvirt:libvirt:0.5.1:::::::*
libvirt	libvirt	0.6.0	cpe:2.3:a:libvirt:libvirt:0.6.0:::::::*
libvirt	libvirt	0.6.1	cpe:2.3:a:libvirt:libvirt:0.6.1:::::::*
libvirt	libvirt	0.6.2	cpe:2.3:a:libvirt:libvirt:0.6.2:::::::*
libvirt	libvirt	0.6.3	cpe:2.3:a:libvirt:libvirt:0.6.3:::::::*
libvirt	libvirt	0.6.4	cpe:2.3:a:libvirt:libvirt:0.6.4:::::::*
libvirt	libvirt	0.6.5	cpe:2.3:a:libvirt:libvirt:0.6.5:::::::*
libvirt	libvirt	0.7.0	cpe:2.3:a:libvirt:libvirt:0.7.0:::::::*
libvirt	libvirt	0.7.1	cpe:2.3:a:libvirt:libvirt:0.7.1:::::::*
libvirt	libvirt	0.7.2	cpe:2.3:a:libvirt:libvirt:0.7.2:::::::*
libvirt	libvirt	0.7.3	cpe:2.3:a:libvirt:libvirt:0.7.3:::::::*
libvirt	libvirt	0.7.4	cpe:2.3:a:libvirt:libvirt:0.7.4:::::::*
libvirt	libvirt	0.7.5	cpe:2.3:a:libvirt:libvirt:0.7.5:::::::*
libvirt	libvirt	0.7.6	cpe:2.3:a:libvirt:libvirt:0.7.6:::::::*
libvirt	libvirt	0.7.7	cpe:2.3:a:libvirt:libvirt:0.7.7:::::::*
libvirt	libvirt	0.8.0	cpe:2.3:a:libvirt:libvirt:0.8.0:::::::*
libvirt	libvirt	0.8.1	cpe:2.3:a:libvirt:libvirt:0.8.1:::::::*
libvirt	libvirt	0.8.2	cpe:2.3:a:libvirt:libvirt:0.8.2:::::::*

References for CVE-2010-2242

URL	Tags
http://libvirt.org/news.html	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.redhat.com/support/errata/RHSA-2010-0615.html
http://www.vupen.com/english/advisories/2010/2062	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2763
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455

URL

CVE-2010-2242

Exploit prediction scoring system (EPSS) score for CVE-2010-2242

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2242

Weakness enumeration for CVE-2010-2242

OS Trackers for CVE-2010-2242

Affected software / configurations for CVE-2010-2242

References for CVE-2010-2242