Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description says any 'arbitrary user in the VM' can reach the socket, so PR:L not PR:H; local-only vector, no interaction, and escalation across the agent boundary to root justifies S:C with full CIA impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addresses, including Unix socket addresses for privileged daemons like D-Bus. This issue is fixed in version 2.1.3.
AnalysisAI
Local privilege escalation in Lima (lima-vm) before 2.1.3 lets any unprivileged user inside a guest VM reach root when the instance runs the QEMU driver with the guest agent enabled. Because the world-reachable /run/lima-guestagent.sock exposes address tunneling - including Unix sockets for privileged daemons such as D-Bus - an in-guest attacker can proxy to root-owned services and execute arbitrary commands as root. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires a Lima instance running specifically with the QEMU driver AND the guest agent enabled, plus the attacker already having any unprivileged local user account/shell inside the guest VM (AV:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately consistent but not urgent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with any unprivileged shell in a Lima QEMU guest (e.g., a compromised container escape to the VM user, or a shared multi-user VM) opens /run/lima-guestagent.sock and requests a tunnel to a privileged Unix socket such as the system D-Bus. Through that root-owned daemon they invoke privileged methods to run commands as root inside the VM, completing local privilege escalation. … |
| Remediation | Vendor-released patch: upgrade Lima to version 2.1.3 or later, which fixes the guest agent socket exposure (fix commits 8a45892378d22f40505c31a38f786a07701b6d50 and b08cae8a670cf916d5da11c48a6de76dabd89678; advisory GHSA-2j9v-p4xj-cjw2). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Lima with QEMU driver and guest agent enabled; identify which VMs contain sensitive workloads or span multiple user access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42933