Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

  • Published: Sep 30, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-4291
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
redhat / libvirt 0.10.2.7 0.10.2.7.x
redhat / libvirt 1.1.1 1.1.1.x
redhat / libvirt 1.0.5.5 1.0.5.5.x