Lucene search

K
cve[email protected]CVE-2011-2527
HistoryJun 21, 2012 - 3:55 p.m.

CVE-2011-2527

2012-06-2115:55:09
CWE-264
web.nvd.nist.gov
38
qemu
cve-2011-2527
privilege escalation
vulnerability
nvd

6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

Affected configurations

NVD
Node
qemuqemuRange0.14.0
OR
qemuqemuMatch0.1.0
OR
qemuqemuMatch0.1.1
OR
qemuqemuMatch0.1.2
OR
qemuqemuMatch0.1.3
OR
qemuqemuMatch0.1.4
OR
qemuqemuMatch0.1.5
OR
qemuqemuMatch0.1.6
OR
qemuqemuMatch0.2.0
OR
qemuqemuMatch0.3.0
OR
qemuqemuMatch0.4.0
OR
qemuqemuMatch0.4.1
OR
qemuqemuMatch0.4.2
OR
qemuqemuMatch0.4.3
OR
qemuqemuMatch0.6.0
OR
qemuqemuMatch0.6.1
OR
qemuqemuMatch0.7.0
OR
qemuqemuMatch0.7.1
OR
qemuqemuMatch0.7.2
OR
qemuqemuMatch0.8.0
OR
qemuqemuMatch0.8.1
OR
qemuqemuMatch0.8.2
OR
qemuqemuMatch0.9.0
OR
qemuqemuMatch0.9.1
OR
qemuqemuMatch0.9.1-5
OR
qemuqemuMatch0.10.0
OR
qemuqemuMatch0.10.1
OR
qemuqemuMatch0.10.2
OR
qemuqemuMatch0.10.3
OR
qemuqemuMatch0.10.4
OR
qemuqemuMatch0.10.5
OR
qemuqemuMatch0.10.6
OR
qemuqemuMatch0.11.0
OR
qemuqemuMatch0.11.0rc0
OR
qemuqemuMatch0.11.0rc1
OR
qemuqemuMatch0.11.0rc2
OR
qemuqemuMatch0.11.0-rc0
OR
qemuqemuMatch0.11.0-rc1
OR
qemuqemuMatch0.11.0-rc2
OR
qemuqemuMatch0.11.1
OR
qemuqemuMatch0.12.0
OR
qemuqemuMatch0.12.0rc1
OR
qemuqemuMatch0.12.0rc2
OR
qemuqemuMatch0.12.1
OR
qemuqemuMatch0.12.2
OR
qemuqemuMatch0.12.3
OR
qemuqemuMatch0.12.4
OR
qemuqemuMatch0.12.5
OR
qemuqemuMatch0.13.0
OR
qemuqemuMatch0.13.0rc0
OR
qemuqemuMatch0.13.0rc1
OR
qemuqemuMatch0.14.0rc0
OR
qemuqemuMatch0.14.0rc1
OR
qemuqemuMatch0.14.0rc2
OR
qemuqemuMatch0.14.1
OR
qemuqemuMatch0.15.0rc1
OR
qemuqemuMatch0.15.0rc2

6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%