CVE-2013-1766Redhat Libvirt vulnerability

CWE-2647 documents7 sources
Severity
3.6LOWNVD
EPSS
0.1%
top 82.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Libvirt
Timeline
PublishedMar 20
Latest updateMay 17

Description

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages2 packages

Debianredhat/libvirt< 0.9.12-8+3
NVDredhat/libvirt1.0.2+71

🔴Vulnerability Details

3
GHSA
GHSA-c647-6rh6-6h3v: libvirt 12022-05-17
CVEList
CVE-2013-1766: libvirt 12013-03-20
OSV
CVE-2013-1766: libvirt 12013-03-20

📋Vendor Advisories

2
Red Hat
libvirt: kvm-group writable storage2013-02-25
Debian
CVE-2013-1766: libvirt - libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which al...2013

💬Community

1
Bugzilla
CVE-2013-1766 libvirt: kvm-group writable storage2013-02-26
CVE-2013-1766 — Redhat Libvirt vulnerability | cvebase