VDB

DEBIAN-CVE-2013-4324

DEBIAN-CVE-2013-4324 PUBLISHED

spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected Products

VendorProductVersions
Debian:12spice-gtk0, 0, 0
Debian:14spice-gtk0, 0, 0
Debian:13spice-gtk0, 0, 0
Debian:11spice-gtk0, 0, 0

Timeline

  • Oct 3, 2013 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›