A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1915823 | Issue Tracking Patch Third Party Advisory |
https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c | Patch Third Party Advisory |
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html | Exploit Mailing List Patch Third Party Advisory |
https://security.gentoo.org/glsa/202208-27 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210312-0002/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/01/22/1 | Exploit Mailing List Patch Third Party Advisory |
Configurations
History
12 Feb 2023, 23:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. |
02 Feb 2023, 21:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
30 Sep 2022, 12:50
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-27 - Third Party Advisory |
15 Aug 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE |
01 Jun 2021, 14:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1915823 - Issue Tracking, Patch, Third Party Advisory |
21 May 2021, 18:42
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* |
31 Mar 2021, 15:09
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210312-0002/ - Third Party Advisory | |
CWE | CWE-269 |
12 Mar 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Feb 2021, 19:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 8.2 |
CPE | cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:* | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/01/22/1 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c - Release Notes | |
References | (MISC) https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1915823 - Issue Tracking, Vendor Advisory |
28 Jan 2021, 20:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-28 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35517
Mitre link : CVE-2020-35517
CVE.ORG link : CVE-2020-35517
JSON object : View
Products Affected
qemu
- qemu
CWE
CWE-269
Improper Privilege Management