CVE-2020-35517

Published: Jan 28, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.

Vendor	Product	Versions
n/a	qemu	affected `qemu 5.2.0`

Weaknesses (CWE)

CWE-269

References

https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1915823

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/01/22/1

x_refsource_MISC

https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210312-0002/

x_refsource_CONFIRM

GLSA-202208-27

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35517

Description

Affected Products

Weaknesses (CWE)

References