CVE-2017-7493

Sažetak

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.

Reference

http://seclists.org/oss-sec/2017/q2/278
http://www.securityfocus.com/bid/98574
https://bugzilla.redhat.com/show_bug.cgi?id=1451709
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
https://security.gentoo.org/glsa/201706-03

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

23-10-2020 - 16:28

Objavljeno

17-05-2017 - 15:29