Vulnerability CVE-2023-2861: Information
Description
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
qemu | sisyphus | 8.0.3-alt1 | 8.2.3-alt1 | ALT-PU-2023-4715-1 | 325821 | Fixed |
qemu | sisyphus_riscv64 | 8.0.3-alt0.1.rv64 | 8.0.3-alt0.1.rv64 | ALT-PU-2023-4832-1 | - | Fixed |
qemu | p10 | 8.0.4-alt1.p10 | 8.2.2-alt0.p10.1 | ALT-PU-2023-5241-3 | 328289 | Fixed |
qemu | c10f1 | 8.0.4-alt1.p10 | 8.2.2-alt0.p10.1 | ALT-PU-2023-7183-2 | 334310 | Fixed |