Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2013-1766 — libvirt - files and device nodes ownership change to kvm group · VulnScope

CVE-2013-1766

libvirt - files and device nodes ownership change to kvm group

EPSS 0.06%

Description

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

How to fix CVE-2013-1766

To remediate CVE-2013-1766, upgrade the affected package to a fixed version below.

Debian/libvirt—upgrade to 0.9.12-8 or later
Debian/libvirt—upgrade to 0.8.3-5+squeeze4 or later

Is CVE-2013-1766 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.9.12-8
from 0, < 0.8.3-5+squeeze4

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-1766

Metadata

Published: 3/20/2013
Modified: 3/9/2026

Also known as:

DSA-2650-1dsa
DEBIAN-CVE-2013-1766debian