Public Date:
720773: CVE-2011-2527 qemu: when started as root, extra groups are not dropped correctly

The MITRE CVE dictionary describes this issue as:

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

Find out more about CVE-2011-2527 from the MITRE CVE dictionary dictionary and NIST NVD.


Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect the versions of qemu-kvm as shipped with Red Hat Enterprise Linux 5 as it did not include support for "run as" functionality.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 3.7
Base Metrics AV:L/AC:H/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 6 (qemu-kvm) RHSA-2011:1531 2011-12-05

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 kvm Not affected