CVE-2011-2527
Published: 26 July 2011
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Notes
Author | Note |
---|---|
jdstrand | potential privilege escalation via supplementary groups |
Priority
Status
Package | Release | Status |
---|---|---|
qemu-kvm Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
hardy |
Does not exist
|
|
lucid |
Released
(0.12.3+noroms-0ubuntu9.15)
|
|
maverick |
Released
(0.12.5+noroms-0ubuntu7.10)
|
|
natty |
Released
(0.14.0+noroms-0ubuntu4.4)
|
|
Patches: vendor: http://www.debian.org/security/2011/dsa-2282 |