A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | 5.0.0 (including) | 5.2.50 (including) |
| Advanced Virtualization for RHEL 8.2.1 | RedHat | virt:8.2-8020120210211153838.863bb0db | * |
| Advanced Virtualization for RHEL 8.2.1 | RedHat | virt-devel:8.2-8020120210211153838.863bb0db | * |
| Advanced Virtualization for RHEL 8.3.1 | RedHat | virt:8.3-8030120210211160750.71132145 | * |
| Advanced Virtualization for RHEL 8.3.1 | RedHat | virt-devel:8.3-8030120210211160750.71132145 | * |
| Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8030020210210212009.229f0a1c | * |
| Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8030020210210212009.229f0a1c | * |
| Qemu | Ubuntu | devel | * |
| Qemu | Ubuntu | groovy | * |
| Qemu | Ubuntu | hirsute | * |
| Qemu | Ubuntu | impish | * |
| Qemu | Ubuntu | jammy | * |
| Qemu | Ubuntu | trusty | * |