9

CVE-2017-7471

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.8.1.1
QemuQemu Version2.9.0 Updaterc0
QemuQemu Version2.9.0 Updaterc1
QemuQemu Version2.9.0 Updaterc2
QemuQemu Version2.9.0 Updaterc3
QemuQemu Version2.9.0 Updaterc4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 2.3 6
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.7 5.1 10
AV:A/AC:L/Au:S/C:C/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://www.openwall.com/lists/oss-security/2017/04/19/2
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/97970
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471
Patch
Third Party Advisory
Issue Tracking