Veracode Vulnerability Database: VERACODE:24799
History: Apr 10, 2020 - 1:05 a.m.

Privilege Escalation

Source: sca.analysiscenter.veracode.com

EPSS: 0.001 (percentile: 28.1%)

qemu-kvm is vulnerable to privilege escalation. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line (“/usr/libexec/qemu-kvm”) with the “-runas” option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.
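
The privilege-drop order this advisory turns on, as an added C example (not code from qemu-kvm or from Veracode): the supplementary groups are replaced before the gid and uid change, and the result is verified afterwards. `leaked_groups`, `drop_to_user` and the sample gids are hypothetical names and constructed values.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* glibc: expose initgroups(), getgrouplist() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Count entries of cur[] that are neither the target's primary gid nor in
 * allowed[]. Non-zero means groups survived the privilege drop. */
int leaked_groups(const gid_t *cur, int ncur, gid_t primary,
                  const gid_t *allowed, int nallowed)
{
    int leaked = 0;
    for (int i = 0; i < ncur; i++) {
        int ok = (cur[i] == primary);
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (cur[i] == allowed[j]);
        leaked += !ok;
    }
    return leaked;
}

/* Drop from root to pw. Returns 0 on success, -1 on failure (caller exits). */
int drop_to_user(const struct passwd *pw)
{
    gid_t allowed[64], cur[64];
    int nallowed = 64, ncur;

    /* Replace root's supplementary groups first; skipping this step leaves
     * them attached to the process, which is the flaw described above. */
    if (initgroups(pw->pw_name, pw->pw_gid) < 0) return -1;
    if (setgid(pw->pw_gid) < 0) return -1;   /* needs root, so before setuid */
    if (setuid(pw->pw_uid) < 0) return -1;

    /* Verify: root is not regainable and no unexpected group remains. */
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;
    if (getgrouplist(pw->pw_name, pw->pw_gid, allowed, &nallowed) < 0) return -1;
    if ((ncur = getgroups(64, cur)) < 0) return -1;
    return leaked_groups(cur, ncur, pw->pw_gid, allowed, nallowed) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample: gids 0, 1, 6 stand in for root's groups. */
    gid_t cur[] = {0, 1, 6, 107}, allowed[] = {107, 36};
    printf("leaked groups: %d\n", leaked_groups(cur, 4, 107, allowed, 2));
    return 0;
}
```

`drop_to_user` fails closed: any error, including a group list longer than its 64-entry buffers, returns -1 so the caller can exit instead of continuing with inherited groups.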
