Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-7471

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Related bugs and status

CVE-2017-7471 (Candidate) is related to these bugs:

Bug #1736376: CVE-2017-7471 repeated?

Summary				In	Importance	Status
	1736376	CVE-2017-7471 repeated?		QEMU	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: https://security.gento...
MISC: http://www.openwall.co...
MISC: https://bugzilla.redha...
MISC: https://git.qemu.org/?...