CVE-2023-2861

Qemu: 9pfs: improper access control on special files

Published: 12/6/2023 Last updated: 8/2/2024 Reserved: 5/24/2023

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

CNA assigner: fedora (92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5) Requested by: n/a

Metrics

Version: 3.1
Score: 6
Severity: Medium
Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product Vendor Version
17.3.3
