Launchpad.net

CVE 2023-2861

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Related bugs and status

CVE-2023-2861 (Candidate) is related to these bugs:

Bug #2064914: Windows guest hangs after reboot from the guest OS

		In	Importance	Status
2064914	Windows guest hangs after reboot from the guest OS	qemu (Ubuntu)	Undecided	Fix Released
2064914	Windows guest hangs after reboot from the guest OS	qemu (Ubuntu Jammy)	Undecided	Fix Released
2064914	Windows guest hangs after reboot from the guest OS	qemu (Fedora)	Unknown	Unknown

Bug #2065579: [UBUNTU 22.04] OS guest boot issues on 9p filesystem

Summary				In	Importance	Status
	2065579	[UBUNTU 22.04] OS guest boot issues on 9p filesystem		qemu (Ubuntu)	Undecided	Fix Released
	2065579	[UBUNTU 22.04] OS guest boot issues on 9p filesystem		Ubuntu on IBM z Systems	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-2861

Related bugs and status

Related bugs

References