CVE-2012-2652

EPSS 0.07%

qemu - multiple

Published: 8/7/2012Modified: 4/28/2026

Description

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

Affected packages (3)

Debian/qemufrom 0, < 1.1.0+dfsg-1
Debian/qemufrom 0, < 0.12.5+dfsg-3squeeze2
Debian/qemu-kvmfrom 0, < 0.12.5+dfsg-5+squeeze9

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-2652