CVE-2012-2652 — Time-of-check Time-of-use (TOCTOU) Race Condition in Qemu

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition8 documents7 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 79.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedAug 7

Latest updateMay 17

Description

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/qemu< qemu 1.1.0+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1.1.0+dfsg-1+3

▶NVDqemu/qemu1.0

🔴Vulnerability Details

GHSA

GHSA-47rg-xchh-xj5g: The bdrv_open function in Qemu 1↗2022-05-17

▶

OSV

CVE-2012-2652: The bdrv_open function in Qemu 1↗2012-08-07

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerability↗2012-08-02

▶

Red Hat

qemu: vulnerable to temporary file symlink attacks↗2012-05-28

▶

Debian

CVE-2012-2652: qemu - The bdrv_open function in Qemu 1.0 does not properly handle the failure of the m...↗2012

▶

💬Community

Bugzilla

CVE-2012-2652 qemu: vulnerable to temporary file symlink attacks [fedora-all]↗2012-05-28

▶

Bugzilla

CVE-2012-2652 qemu: vulnerable to temporary file symlink attacks↗2012-05-24

▶