Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-8556. PoCs published by zx2c4.
AI-analyzed exploit summary: This exploit leverages a TOCTOU (Time-of-Check Time-of-Use) race condition in virtfs-proxy-helper to gain root privileges by manipulating the /etc/shadow file. It uses inotify to monitor directory changes and symlink attacks to exploit the vulnerability.
Description
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
Exploits (1)
exploitdb
WORKING POC
by zx2c4 · c · local · linux
https://www.exploit-db.com/exploits/39010
Classification: Working PoC 100%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: QEMU virtfs-proxy-helper (versions with SUID or CAP_CHOWN capabilities)
No auth needed
Prerequisites: virtfs-proxy-helper must be SUID or have CAP_CHOWN capabilities · Attacker must have local access to the system
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39010/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html
Exploit, Third Party Advisory, VDB Entry vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201602-01
Scores
CVSS v3: 10.0
EPSS: 0.2121
EPSS Percentile: 95.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-362
Status: published
Products (1): qemu/qemu < 2.4.1
Published: Mar 24, 2017
Tracked Since: Feb 18, 2026