QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7471

Published: Jul 9, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471

x_refsource_CONFIRM

[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.