The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.

Related CVEs

CVE-2017-16638

Key Information

GHSA ID

GHSA-64jq-6pfg-748r

Published

May 13, 2022 1:44 AM

Last Modified

May 13, 2022 1:44 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 31, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.