83 matches found
UBUNTU-CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
QEMU 安全漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a security vulnerability that stems from a flaw found in the QEMU virtio-fs shared file system daemon virtiofsd implementatio...
Security update for qemu (important)
openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:1942-1 Rating: important References: 1149813 1163019 1175144 1175534 1176681 1178683 1178935 1179477 1179484 1179686 1181103 1182282 1182425 1182968 1182975 1183373 1186290 Cross-References: CVE-2019-15890...
DEBIAN-CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
Design/Logic Flaw
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
QEMU elevation of privilege vulnerability (CNVD-2021-39776)
QEMU is a suite of analog processor software. QEMU suffers from an elevation of privilege vulnerability that can be exploited by an attacker to bypass restrictions via QEMU's Virtiofsd Xattrmap option, thereby increasing privileges on the host system...
Important: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security update
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:0743)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0743 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat...
QEMU 安全漏洞
QEMU is a suite of analog processor software. QEMU suffers from an elevation of privilege vulnerability that can be exploited by an attacker to bypass restrictions via QEMU's Virtiofsd Xattrmap option, thereby increasing privileges on the host system...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
virt:rhel and virt-devel:rhel security update
An update is available for libnbd, nbdkit, libguestfs-winsupport, supermin, libiscsi, hivex, netcf, perl-Sys-Virt, seabios, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:0711)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0711 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packag...
CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...
QEMU: virtiofsd: potential privileged host device access from guest
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to da...
QEMU Access Control Error Vulnerability
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...
QEMU 访问控制错误漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions via virtiofsd in ord...
Moderate: Red Hat Security Advisory: virt:8.2 and virt-devel:8.2 security and bug fix update
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS
A potential DoS flaw was found in the virtio-fs shared file system daemon virtiofsd implementation of the QEMU version = v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared...