Executive Summary

Title QEMU vulnerability
Name USN-1177-1 First vendor Publication 2011-07-27
Vendor Ubuntu Last vendor Modification 2011-07-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS


QEMU could be made to run with adminstrator group privileges under certain circumstances.

Software Description: - qemu-kvm: Machine emulator and virtualizer


Andrew Griffiths discovered that QEMU did not correctly drop privileges when using the 'runas' argument. Under certain circumstances a local attacker could exploit this to escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
qemu-kvm 0.14.0+noroms-0ubuntu4.4

Ubuntu 10.10:
qemu-kvm 0.12.5+noroms-0ubuntu7.10
qemu-kvm-extras 0.12.5+noroms-0ubuntu7.10
qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.10

Ubuntu 10.04 LTS:
qemu-kvm 0.12.3+noroms-0ubuntu9.15
qemu-kvm-extras 0.12.3+noroms-0ubuntu9.15
qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.15

In general, a standard system update will make all the necessary changes.


Package Information:

Original Source

Url : http://www.ubuntu.com/usn/USN-1177-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12960
Oval ID: oval:org.mitre.oval:def:12960
Title: DSA-2282-1 qemu-kvm -- several
Description: Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2282-1
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14171
Oval ID: oval:org.mitre.oval:def:14171
Title: USN-1177-1 -- qemu-kvm vulnerability
Description: qemu-kvm: Machine emulator and virtualizer QEMU could be made to run with adminstrator group privileges under certain circumstances.
Family: unix Class: patch
Reference(s): USN-1177-1
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26941
Oval ID: oval:org.mitre.oval:def:26941
Title: RHSA-2011:1531 -- qemu-kvm security, bug fix, and enhancement update (Moderate)
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line ("/usr/libexec/qemu-kvm") with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group. (CVE-2011-2527) Note: This issue only affected qemu-kvm when it was started directly from the command line. It did not affect the Red Hat Enterprise Virtualization platform or applications that start qemu-kvm via libvirt, such as the Virtual Machine Manager (virt-manager). This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. All users of qemu-kvm are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2011:1531
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27567
Oval ID: oval:org.mitre.oval:def:27567
Title: ELSA-2011-1531 -- qemu-kvm security, bug fix, and enhancement update (moderate)
Description: [qemu-kvm-] - kvm-hda-do-not-mix-output-and-input-streams-RHBZ-740493-v2.patch [bz#740493] - kvm-hda-do-not-mix-output-and-input-stream-states-RHBZ-740493-v2.patch [bz#740493] - kvm-intel-hda-fix-stream-search.patch [bz#740493] - Resolves: bz#740493 (audio playing doesn't work when sound recorder is opened)
Family: unix Class: patch
Reference(s): ELSA-2011-1531
Version: 3
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

Application 66

OpenVAS Exploits

Date Description
2012-07-09 Name : RedHat Update for qemu-kvm RHSA-2011:1531-03
File : nvt/gb_RHSA-2011_1531-03_qemu-kvm.nasl
2012-06-08 Name : Fedora Update for qemu FEDORA-2012-8604
File : nvt/gb_fedora_2012_8604_qemu_fc15.nasl
2011-08-07 Name : Debian Security Advisory DSA 2282-1 (qemu-kvm)
File : nvt/deb_2282_1.nasl
2011-08-02 Name : Ubuntu Update for qemu-kvm USN-1177-1
File : nvt/gb_ubuntu_USN_1177_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74752 qemu-kvm -runas Option Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_kvm-120124.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1531.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111206_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-08 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8604.nasl - Type : ACT_GATHER_INFO
2012-01-30 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_kvm-120116.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1177-1.nasl - Type : ACT_GATHER_INFO
2011-07-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2282.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2014-02-17 11:58:49
  • Multiple Updates