4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
28.3%
Secunia reports:
A vulnerability has been reported in QEMU, which can be exploited
by malicious, local users to bypass certain security
restrictions.
The vulnerability is caused due to the “drive_init()” function
in vl.c determining the format of a disk from data contained in
the disk’s header. This can be exploited by a malicious user in
a guest system to e.g. read arbitrary files on the host by
writing a fake header to a raw formatted disk image.