Privilege Escalation

2021-02-1001:00:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0005 Low

EPSS

Percentile

17.9%

JSON

Qemu is vulnerable to privilege escalation attack. A race condition flaw was found in the 9pfs server implementation of QEMU. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

CPENameOperatorVersion
qemu:bioniceq1:2.11+dfsg-1ubuntu7.32
qemu:bioniceq1:2.11+dfsg-1ubuntu7.31
qemu:bioniceq1:2.11+dfsg-1ubuntu7
qemu:bioniceq1:2.11+dfsg-1ubuntu7.33
qemu:groovyeq1:5.0-5ubuntu6
qemu:groovyeq1:5.0-5ubuntu7
qemu:groovyeq1:5.0-5ubuntu9.1
qemu:groovyeq1:5.0-5ubuntu9
qemu:focaleq1:4.2-3ubuntu6.5
qemu:focaleq1:4.2-3ubuntu6.4

Name	Operator	Version
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.32
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.31
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7
qemu:bionic	eq	1:2.11+dfsg-1ubuntu7.33
qemu:groovy	eq	1:5.0-5ubuntu6
qemu:groovy	eq	1:5.0-5ubuntu7
qemu:groovy	eq	1:5.0-5ubuntu9.1
qemu:groovy	eq	1:5.0-5ubuntu9
qemu:focal	eq	1:4.2-3ubuntu6.5
qemu:focal	eq	1:4.2-3ubuntu6.4