CVE-2013-4311
EPSS 0.02%
Description
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
How to fix CVE-2013-4311
To remediate CVE-2013-4311, upgrade the affected package to a fixed version below.
- Debian/libvirt—upgrade to 1.1.3~rc1-1 or later
Is CVE-2013-4311 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.3~rc1-1