CVE-2011-2527

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 2.1 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 26%
Vendor | Product | Version
qemu | qemu | 𝑥 ≤ 0.14.0
qemu | qemu | 0.1.0
qemu | qemu | 0.1.1
qemu | qemu | 0.1.2
qemu | qemu | 0.1.3
qemu | qemu | 0.1.4
qemu | qemu | 0.1.5
qemu | qemu | 0.1.6
qemu | qemu | 0.2.0
qemu | qemu | 0.3.0
qemu | qemu | 0.4.0
qemu | qemu | 0.4.1
qemu | qemu | 0.4.2
qemu | qemu | 0.4.3
qemu | qemu | 0.6.0
qemu | qemu | 0.6.1
qemu | qemu | 0.7.0
qemu | qemu | 0.7.1
qemu | qemu | 0.7.2
qemu | qemu | 0.8.0
qemu | qemu | 0.8.1
qemu | qemu | 0.8.2
qemu | qemu | 0.9.0
qemu | qemu | 0.9.1
qemu | qemu | 0.9.1-5
qemu | qemu | 0.10.0
qemu | qemu | 0.10.1
qemu | qemu | 0.10.2
qemu | qemu | 0.10.3
qemu | qemu | 0.10.4
qemu | qemu | 0.10.5
qemu | qemu | 0.10.6
qemu | qemu | 0.11.0
qemu | qemu | 0.11.0:rc0
qemu | qemu | 0.11.0:rc1
qemu | qemu | 0.11.0:rc2
qemu | qemu | 0.11.0-rc0
qemu | qemu | 0.11.0-rc1
qemu | qemu | 0.11.0-rc2
qemu | qemu | 0.11.1
qemu | qemu | 0.12.0
qemu | qemu | 0.12.0:rc1
qemu | qemu | 0.12.0:rc2
qemu | qemu | 0.12.1
qemu | qemu | 0.12.2
qemu | qemu | 0.12.3
qemu | qemu | 0.12.4
qemu | qemu | 0.12.5
qemu | qemu | 0.13.0
qemu | qemu | 0.13.0:rc0
qemu | qemu | 0.13.0:rc1
qemu | qemu | 0.14.0:rc0
qemu | qemu | 0.14.0:rc1
qemu | qemu | 0.14.0:rc2
qemu | qemu | 0.14.1
qemu | qemu | 0.15.0:rc1
qemu | qemu | 0.15.0:rc2
𝑥 = Vulnerable software versions
Ubuntu Releases
Ubuntu Product | Codename | Status
qemu-kvm | natty | Fixed 0.14.0+noroms-0ubuntu4.4 (released)
qemu-kvm | maverick | Fixed 0.12.5+noroms-0ubuntu7.10 (released)
qemu-kvm | lucid | Fixed 0.12.3+noroms-0ubuntu9.15 (released)
qemu-kvm | hardy | dne
Common Weakness Enumeration