The KVMTest method in the com.ubuntu.USBCreator D-Bus service in Ubuntu Linux can invoke the 'kvm' binary with root privileges using an arbitrary environment provided by an unprivileged user. This flaw can be leveraged by a local unprivileged attacker to gain root privileges. The target system must have the 'kvm' binary in the search path (that usually means that the qemu-kvm package must be installed). Also, the system must have at least 768 Mb of free RAM at the moment the exploit is executed; otherwise the vulnerable service will refuse to run.
CVE Link
Exploit Platform
Exploit Type
Product Name