A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | * | 5.2.0 (including) |
| Qemu | Ubuntu | bionic | * |
| Qemu | Ubuntu | devel | * |
| Qemu | Ubuntu | esm-infra-legacy/trusty | * |
| Qemu | Ubuntu | focal | * |
| Qemu | Ubuntu | groovy | * |
| Qemu | Ubuntu | hirsute | * |
| Qemu | Ubuntu | impish | * |
| Qemu | Ubuntu | jammy | * |
| Qemu | Ubuntu | kinetic | * |
| Qemu | Ubuntu | lunar | * |
| Qemu | Ubuntu | mantic | * |
| Qemu | Ubuntu | noble | * |
| Qemu | Ubuntu | oracular | * |
| Qemu | Ubuntu | trusty | * |
| Qemu | Ubuntu | trusty/esm | * |
| Qemu | Ubuntu | xenial | * |
| Qemu-kvm | Ubuntu | precise/esm | * |