CVE-2013-4291

EPSS 0.05%

Published: 9/30/2013Modified: 4/28/2026

Also known as:DEBIAN-CVE-2013-4291

Description

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

Affected packages (1)

Debian/libvirtfrom 0, < 1.1.2-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4291