Qemu: 9pfs: improper access control on special files
CVE-2023-2861

7.1HIGH

Key Information:

Vendor: Red Hat
Status: Qemu; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 6 December 2023

Summary

A vulnerability has been identified in QEMU's implementation of the 9p passthrough filesystem (9pfs). This flaw allows a malicious client to exploit the absence of restrictions on special file access on the host side. By creating and opening a device file within a shared folder, attackers can escape the intended boundaries of the exported 9p tree, potentially leading to unauthorized access to host resources. Organizations using affected versions of QEMU should evaluate their security posture and apply necessary updates.

References

https://access.redhat.com/security/cve/CVE-2023-2861

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2219266

issue-trackingx_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20240125-0005/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2023
Vulnerability Reserved
May 24, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Jietao Xiao, Jinku Li, Wenbo Shen, and Yanwu Shen for reporting this issue.