Lucene search
Veracode Vulnerability DatabaseVERACODE:27116HistorySep 21, 2020 - 6:36 a.m.
Privilege Escalation
2020-09-2106:36:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.002 Low
EPSS
Percentile
59.2%
Qemu is vulnerable to privilege escalation. An improper link following occurs when building with the VirtFS. A privileged user inside guest can exploit the vulnerability to access host file system beyond the shared folder and potentially escalating their privileges on a host.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu:xenial | eq | 1:2.5+dfsg-5ubuntu10 | |
| qemu:xenial | eq | 1:2.5+dfsg-5ubuntu10 |
References
www.openwall.com/lists/oss-security/2017/01/17/12
www.securityfocus.com/bid/95461
www.securitytracker.com/id/1037604
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602
lists.debian.org/debian-lts-announce/2018/09/msg00007.html
lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
security.gentoo.org/glsa/201704-01
Related
seebug
seebug
QEMU: virtfs permits guest to access entire host filesystem (CVE-2016-9602)
2017-02-23 00:00:00
debiancve
debiancve
CVE-2016-9602
2018-04-26 19:29:00
osv
osv
CVE-2016-9602
2018-04-26 19:29:00
qemu-kvm - security update
2017-05-30 00:00:00
qemu - security update
2017-07-21 00:00:00
ubuntucve
ubuntucve
CVE-2016-9602
2016-12-31 00:00:00
CVE-2017-8086
2017-05-02 00:00:00
cve
cve
CVE-2016-9602
2018-04-26 19:29:00
nessus
nessus
EulerOS Virtualization 2.5.1 : qemu-kvm (EulerOS-SA-2018-1321)
2018-10-25 00:00:00
Debian DLA-965-1 : qemu-kvm security update
2017-05-31 00:00:00
Debian DLA-1035-1 : qemu security update
2017-07-24 00:00:00
nvd
nvd
CVE-2016-9602
2018-04-26 19:29:00
prion
prion
Input validation
2018-04-26 19:29:00
cvelist
cvelist
CVE-2016-9602
2018-04-26 19:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2018-1321)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-965-1)
2023-03-08 00:00:00
Debian: Security Advisory (DLA-1035-1)
2018-02-07 00:00:00
redhatcve
redhatcve
CVE-2016-9602
2017-01-17 12:17:49
debian
debian
[SECURITY] [DLA 965-1] qemu-kvm security update
2017-05-31 06:12:28
[SECURITY] [DLA 1035-1] qemu security update
2017-07-21 15:17:41
[SECURITY] [DLA 1497-1] qemu security update
2018-09-06 18:49:12
gentoo
gentoo
QEMU: Multiple vulnerabilities
2017-04-10 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2017-04-25 00:00:00
QEMU vulnerabilities
2017-04-20 00:00:00
suse
suse
Security update for kvm (important)
2017-11-10 09:05:35
Security update for qemu (important)
2017-07-04 21:16:50
Security update for qemu (important)
2017-07-15 00:10:54