CVE Vulnerabilities

CVE-2013-4291

Published: Sep 30, 2013 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

Affected Software

Name Vendor Start Version End Version
Libvirt Redhat 0.10.2.7 (including) 0.10.2.7 (including)
Libvirt Redhat 1.0.5.5 (including) 1.0.5.5 (including)
Libvirt Redhat 1.1.1 (including) 1.1.1 (including)
Libvirt Ubuntu devel *
Libvirt Ubuntu upstream *

References