Unrated severityNVD Advisory· Published Oct 3, 2013· Updated Jun 16, 2026
CVE-2013-4324
CVE-2013-4324
Description
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.