CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
28.1%
Andrew Griffiths discovered that QEMU did not correctly drop privileges
when using the ‘runas’ argument. Under certain circumstances a local
attacker could exploit this to escalate privileges.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.04 | noarch | qemu-kvm | < 0.14.0+noroms-0ubuntu4.4 | UNKNOWN |
Ubuntu | 11.04 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.14.0+noroms+0ubuntu4.4 | UNKNOWN |
Ubuntu | 11.04 | noarch | qemu | < 0.14.0+noroms-0ubuntu4.4 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-kvm | < 0.12.5+noroms-0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.10 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.12.5+noroms+0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu | < 0.12.5+noroms-0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-arm-static | < 0.12.5+noroms-0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-kvm-extras | < 0.12.5+noroms-0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.10 | noarch | qemu-kvm-extras-static | < 0.12.5+noroms-0ubuntu7.10 | UNKNOWN |
Ubuntu | 10.04 | noarch | qemu-kvm | < 0.12.3+noroms-0ubuntu9.15 | UNKNOWN |