9

CVE-2017-7471

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.8.1.1
QemuQemu Version2.9.0 Updaterc0
QemuQemu Version2.9.0 Updaterc1
QemuQemu Version2.9.0 Updaterc2
QemuQemu Version2.9.0 Updaterc3
QemuQemu Version2.9.0 Updaterc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.86% 0.535
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.3 6
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.7 5.1 10
AV:A/AC:L/Au:S/C:C/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://security.gentoo.org/glsa/201706-03
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/04/19/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/97970
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471
Patch
Third Party Advisory
Issue Tracking
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e