Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qemu | Qemu | * | 2.9.1 (including) |
Qemu | Ubuntu | esm-infra-legacy/trusty | * |
Qemu | Ubuntu | esm-infra/xenial | * |
Qemu | Ubuntu | trusty | * |
Qemu | Ubuntu | trusty/esm | * |
Qemu | Ubuntu | upstream | * |
Qemu | Ubuntu | xenial | * |
Qemu | Ubuntu | yakkety | * |
Qemu | Ubuntu | zesty | * |
Qemu-kvm | Ubuntu | precise/esm | * |
Qemu-kvm | Ubuntu | upstream | * |