CVE-2013-4291
published 2013-09-30CVE-2013-4291: The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 1.1.2-2 (bookworm) | libvirt 1.1.2-2 (bookworm) |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 1.1.2-2 | 1.1.2-2 |
| redhat | libvirt | >= 0 < 1.1.2-2 | 1.1.2-2 |
| redhat | libvirt | >= 0 < 1.1.2-2 | 1.1.2-2 |
| redhat | libvirt | >= 0 < 1.1.2-2 | 1.1.2-2 |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM