Improper Group Privilege Handling in Qemu 0.14.0 and Earlier

Improper Group Privilege Handling in Qemu 0.14.0 and Earlier

CVE-2011-2527 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

Learn more about our User Device Pen Test.