CVE-2011-2527

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 0.14.0
qemuqemu
0.1.0
qemuqemu
0.1.1
qemuqemu
0.1.2
qemuqemu
0.1.3
qemuqemu
0.1.4
qemuqemu
0.1.5
qemuqemu
0.1.6
qemuqemu
0.2.0
qemuqemu
0.3.0
qemuqemu
0.4.0
qemuqemu
0.4.1
qemuqemu
0.4.2
qemuqemu
0.4.3
qemuqemu
0.6.0
qemuqemu
0.6.1
qemuqemu
0.7.0
qemuqemu
0.7.1
qemuqemu
0.7.2
qemuqemu
0.8.0
qemuqemu
0.8.1
qemuqemu
0.8.2
qemuqemu
0.9.0
qemuqemu
0.9.1
qemuqemu
0.9.1-5
qemuqemu
0.10.0
qemuqemu
0.10.1
qemuqemu
0.10.2
qemuqemu
0.10.3
qemuqemu
0.10.4
qemuqemu
0.10.5
qemuqemu
0.10.6
qemuqemu
0.11.0
qemuqemu
0.11.0:rc0
qemuqemu
0.11.0:rc1
qemuqemu
0.11.0:rc2
qemuqemu
0.11.0-rc0
qemuqemu
0.11.0-rc1
qemuqemu
0.11.0-rc2
qemuqemu
0.11.1
qemuqemu
0.12.0
qemuqemu
0.12.0:rc1
qemuqemu
0.12.0:rc2
qemuqemu
0.12.1
qemuqemu
0.12.2
qemuqemu
0.12.3
qemuqemu
0.12.4
qemuqemu
0.12.5
qemuqemu
0.13.0
qemuqemu
0.13.0:rc0
qemuqemu
0.13.0:rc1
qemuqemu
0.14.0:rc0
qemuqemu
0.14.0:rc1
qemuqemu
0.14.0:rc2
qemuqemu
0.14.1
qemuqemu
0.15.0:rc1
qemuqemu
0.15.0:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu-kvm
hardy
dne
lucid
Fixed 0.12.3+noroms-0ubuntu9.15
released
maverick
Fixed 0.12.5+noroms-0ubuntu7.10
released
natty
Fixed 0.14.0+noroms-0ubuntu4.4
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
qemu-img
RHEL 6
2:0.12.1.2-2.209.el6
fixed
qemu-kvm
RHEL 6
2:0.12.1.2-2.209.el6
fixed
qemu-kvm-tools
RHEL 6
2:0.12.1.2-2.209.el6
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
http://rhn.redhat.com/errata/RHSA-2011-1531.html
http://secunia.com/advisories/45187
http://secunia.com/advisories/45188
http://secunia.com/advisories/45419
http://secunia.com/advisories/47157
http://secunia.com/advisories/47992
http://ubuntu.com/usn/usn-1177-1
http://www.openwall.com/lists/oss-security/2011/07/12/15
http://www.openwall.com/lists/oss-security/2011/07/12/5
http://www.osvdb.org/74752
http://www.securityfocus.com/bid/48659
https://bugs.launchpad.net/qemu/+bug/807893
https://exchange.xforce.ibmcloud.com/vulnerabilities/68539
https://www.debian.org/security/2011/dsa-2282
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
http://rhn.redhat.com/errata/RHSA-2011-1531.html
http://secunia.com/advisories/45187
http://secunia.com/advisories/45188
http://secunia.com/advisories/45419
http://secunia.com/advisories/47157
http://secunia.com/advisories/47992
http://ubuntu.com/usn/usn-1177-1
http://www.openwall.com/lists/oss-security/2011/07/12/15
http://www.openwall.com/lists/oss-security/2011/07/12/5
http://www.osvdb.org/74752
http://www.securityfocus.com/bid/48659
https://bugs.launchpad.net/qemu/+bug/807893
https://exchange.xforce.ibmcloud.com/vulnerabilities/68539
https://www.debian.org/security/2011/dsa-2282