|Bugzilla:||720773: CVE-2011-2527 qemu: when started as root, extra groups are not dropped correctly|
The MITRE CVE dictionary describes this issue as:
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect the versions of qemu-kvm as shipped with Red Hat Enterprise Linux 5 as it did not include support for "run as" functionality.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 6 (qemu-kvm)||RHSA-2011:1531||December 05, 2011|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.