15 matches found
EUVD-2023-34310
Malicious code in bioql PyPI...
Azure Linux 3.0 Security Update: qemu (CVE-2023-2861)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2861 advisory. - A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit...
Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...
EulerOS 2.0 SP9 : qemu (EulerOS-SA-2023-2906)
According to the versions of the qemu package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands whe...
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2023-2999)
According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special file...
Ubuntu: Security Advisory (USN-6567-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6567-1: QEMU vulnerabilities
Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...
CVE-2023-2861
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVE-2023-2861
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVE-2023-2861
The CVE-2023-2861 issue affects QEMU’s 9pfs (9p passthrough filesystem) where the server allowed opening host-side special files, potentially enabling a malicious client to escape the exported 9p tree by creating/opening a device file in the shared folder. Affected are QEMU implementations in var...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-2906)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...
CVE-2023-2861
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
PT-2023-9641 · Qemu +1 · Qemu +1
Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the 9p passthrough filesystem 9pfs implementation. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly...