CVE-2017-7471

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

CVSS v3 9.0 CRITICAL
CVSS v2.0 7.7 HIGH

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.7^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 5.1 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/04/19/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/97970	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471	Issue Tracking Patch Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e
https://security.gentoo.org/glsa/201706-03	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.9.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.9.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.9.0:rc2::::::
	cpe:2.3:a:qemu:qemu:2.9.0:rc3::::::
	cpe:2.3:a:qemu:qemu:2.9.0:rc4::::::

History

12 Feb 2023, 23:30

Type	Values Removed	Values Added
References	{'url': 'https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e', 'name': 'https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}	(MISC) https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e -

Information

Published : 2018-07-09 14:29

Updated : 2023-12-10 12:30

NVD link : CVE-2017-7471

Mitre link : CVE-2017-7471

CVE.ORG link : CVE-2017-7471

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

9.0 /10