12 matches found
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
...
SUSE CVE-2020-10717
A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...
AZL-35156 CVE-2022-0358 affecting package qemu for versions less than 6.2.0-18
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
DEBIAN-CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
QEMU 安全漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a security vulnerability that stems from a flaw found in the QEMU virtio-fs shared file system daemon virtiofsd implementatio...
DEBIAN-CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS
A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...