CVE-2013-1766

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.