Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8556Race Condition in Qemu

CWE-362Race ConditionCWE-250Execution with Unnecessary Privileges6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
21.2%
top 4.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
QemuDebian Qemu
Timeline
PublishedMar 24
Latest updateMay 17

Description

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDqemu/qemu2.4.1
debiandebian/qemu

🔴Vulnerability Details

1
GHSA
GHSA-ggvf-46pm-9ccw: Local privilege escalation vulnerability in the Gentoo QEMU package before 22022-05-17

💥Exploits & PoCs

1
Exploit-DB
QEMU (Gentoo) - Local Privilege Escalation2015-12-17

📋Vendor Advisories

2
Red Hat
Qemu: virtfs: local privilege escalation via virtfs-proxy-helper2015-12-14
Debian
CVE-2015-8556: qemu - Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0...2015

💬Community

1
Bugzilla
CVE-2015-8556 Qemu: virtfs: local privilege escalation via virtfs-proxy-helper2015-12-16