PT-2012-4162 · Qemu · Qemu

Published: 2012-08-07 · Updated: 2023-02-13 · CVE-2012-2652

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Qemu version 1.0

Description

The issue arises from the bdrv_open function in Qemu, which fails to properly handle a failure of the mkstemp function when in snapshot mode. This allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

Recommendations

For Qemu version 1.0, consider restricting access to the bdrv_open function until a patch is available, or apply configuration changes to prevent local users from exploiting the mkstemp function failure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
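
The failure handling that the Description says is missing, as an added C example (not Qemu's code and not part of this advisory): the helper returns mkstemp's error to its caller, and the caller stops instead of continuing with a file name that was never safely created. The names `make_tmp_image` and `open_snapshot` and the `snapshot.XXXXXX` template are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* declares mkstemp() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not Qemu's code): create a private temporary file
 * under `dir`. Returns an open descriptor (>= 0) and fills `path`,
 * or a negative errno value so the caller can see the failure. */
int make_tmp_image(const char *dir, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/snapshot.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) {
        return -ENAMETOOLONG;
    }
    int fd = mkstemp(path);      /* atomic create: O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) {
        int err = errno;
        path[0] = '\0';          /* leave no usable name behind on failure */
        return -err;
    }
    return fd;
}

/* Hypothetical caller: write only through the descriptor mkstemp returned,
 * and abort the whole operation if the temporary file could not be created. */
int open_snapshot(const char *dir)
{
    char path[4096];
    int fd = make_tmp_image(dir, path, sizeof(path));
    if (fd < 0) {
        return fd;               /* do not fall back to opening by name */
    }
    static const char hdr[] = "constructed-header";
    ssize_t w = write(fd, hdr, sizeof(hdr));
    unlink(path);
    close(fd);
    return w == (ssize_t)sizeof(hdr) ? 0 : -EIO;
}

int main(void)
{
    int ret = open_snapshot("/tmp");
    printf("open_snapshot(\"/tmp\") = %d\n", ret);
    return ret ? 1 : 0;
}
```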

Related Identifiers

CVE-2012-2652
DSA-2542-1
DSA-2545-1
SUSE-SU-2015:0929-1
SUSE-SU-2015:0943-1

Affected Products

Qemu