CVE-2021-20181

Sažetak

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1927007
https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
https://www.zerodayinitiative.com/advisories/ZDI-21-159/
https://security.netapp.com/advisory/ntap-20210720-0009/
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 03:28

Objavljeno

13-05-2021 - 16:15