CVE-2013-4311
published 2013-10-03CVE-2013-4311: libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging…
medium4.6CVSS 3.1
AVLACLAuNCPIPAP
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libvirt | < libvirt 1.1.3~rc1-1 (bookworm) | libvirt 1.1.3~rc1-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 1.1.3~rc1-1 | 1.1.3~rc1-1 |
| redhat | libvirt | >= 0 < 1.1.3~rc1-1 | 1.1.3~rc1-1 |
| redhat | libvirt | >= 0 < 1.1.3~rc1-1 | 1.1.3~rc1-1 |
| redhat | libvirt | >= 0 < 1.1.3~rc1-1 | 1.1.3~rc1-1 |
CVSS provenance
nvd4.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.2HIGH