CVE-2023-2861

MEDIUM 6.0

Qemu: 9pfs: improper access control on special files

CVSS Score

6.0

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

CWE	CWE-284
Published	Dec 6, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-2861 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2219266 lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html security.netapp.com: https://security.netapp.com/advisory/ntap-20240125-0005/ security.netapp.com: https://security.netapp.com/advisory/ntap-20240229-0002/

Credits

Red Hat would like to thank Jietao Xiao, Jinku Li, Wenbo Shen, and Yanwu Shen for reporting this issue.