High severity7.8NVD Advisory· Published Dec 2, 2016· Updated May 6, 2026

CVE-2016-9638

Description

In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.

Affected products

BMC Software/Patrol
cpe:2.3:a:bmc:patrol:*:*:*:*:*:*:*:*
Range: <=9.13.10.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrolnvdExploitPatchThird Party Advisory
www.securityfocus.com/bid/95009nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037385nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000