Lucene search
K

12 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the implementation of the QEMU virtio-fs shared file system daemon virtiofsd. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in directories shared by virtio-fs, with unintended group ownership. This occurs in a scenario where a...

7.8CVSS7.1AI score0.00332EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.7 views

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

...

7.8CVSS8.4AI score0.01018EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.4 views

SUSE CVE-2020-10717

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

3.8CVSS6.5AI score0.00395EPSS
Exploits0References3
OSV
OSV
added 2022/08/29 3:15 p.m.8 views

AZL-35156 CVE-2022-0358 affecting package qemu for versions less than 6.2.0-18

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS7.1AI score0.00332EPSS
Exploits0References1
OSV
OSV
added 2022/08/29 3:15 p.m.3 views

DEBIAN-CVE-2022-0358

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS7.3AI score0.00332EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/03/16 2:12 p.m.5 views

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS6.6AI score0.00332EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/15 10:1 a.m.5 views

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405

A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...

7.8CVSS6.6AI score0.00332EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.1 views

QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a security vulnerability that stems from a flaw found in the QEMU virtio-fs shared file system daemon virtiofsd implementatio...

7.8CVSS6.5AI score0.01018EPSS
Exploits2References20
OSV
OSV
added 2021/03/09 6:15 p.m.1 views

DEBIAN-CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

3.3CVSS6.7AI score0.00377EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/03/03 1:8 p.m.3 views

QEMU: virtiofsd: potential privileged host device access from guest

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2021/02/22 3:43 p.m.9 views

QEMU: virtiofsd: potential privileged host device access from guest

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...

8.2CVSS7.1AI score0.00522EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2020/07/28 7:14 a.m.1 views

QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS

A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...

6.5CVSS7.1AI score0.00395EPSS
Exploits0References4
Rows per page
Query Builder