Back to search
CVE-2017-7493
Published: May 17, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
| Vendor | Product | Versions |
|---|---|---|
QEMU | qemu | affected 2.7.4 |
References
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
mailing-list
x_refsource_MLIST
GLSA-201706-03
vendor-advisory
x_refsource_GENTOO
98574
vdb-entry
x_refsource_BID
[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1451709
x_refsource_CONFIRM
[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now