{
  "modified": "2025-08-09T19:01:29Z",
  "published": "2013-09-30T21:55:09Z",
  "id": "CVE-2013-4291",
  "details": "The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.",
  "references": [
    {
      "type": "FIX",
      "url": "http://wiki.libvirt.org/page/Maintenance_Releases"
    },
    {
      "type": "FIX",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006509"
    },
    {
      "type": "WEB",
      "url": "http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8"
    },
    {
      "type": "WEB",
      "url": "http://libvirt.org/news.html"
    }
  ]
}