Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket
Summary
| CVE | CVE-2026-53657 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-10 17:16:57 UTC |
| Updated | 2026-07-10 19:10:59 UTC |
| Description | Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary commands with root privileges in the VM because the guest agent socket provides tunneling for arbitrary addresses, including Unix socket addresses for privileged daemons like D-Bus. This issue is fixed in version 2.1.3. |
Risk And Classification
Primary CVSS: v3.1 8.2 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.001970000 probability, percentile 0.095460000 (date 2026-07-12)
Problem Types: CWE-276 | CWE-668 | CWE-276 CWE-276: Incorrect Default Permissions | CWE-668 CWE-668: Exposure of Resource to Wrong Sphere
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
HighUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/lima-vm/lima/commit/8a45892378d22f40505c31a38f786a07701b6d50 | [email protected] | github.com | |
| github.com/lima-vm/lima/commit/b08cae8a670cf916d5da11c48a6de76dabd89678 | [email protected] | github.com | |
| github.com/lima-vm/lima/releases/tag/v2.1.3 | [email protected] | github.com | |
| github.com/lima-vm/lima/security/advisories/GHSA-2j9v-p4xj-cjw2 | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.