Описание
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.14.0+noroms-0ubuntu9 |
| hardy | DNE | |
| lucid | released | 0.12.3+noroms-0ubuntu9.15 |
| maverick | released | 0.12.5+noroms-0ubuntu7.10 |
| natty | released | 0.14.0+noroms-0ubuntu4.4 |
| upstream | needs-triage |
Показывать по
EPSS
2.1 Low
CVSS2
Связанные уязвимости
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earli ...
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
ELSA-2011-1531: qemu-kvm security, bug fix, and enhancement update (MODERATE)
EPSS
2.1 Low
CVSS2