CVE-2017-7471 repeated?
Bug #1736376 reported by
Rooney
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In the hw/9pfs/9p-proxy.c file I can see the following which is changed because of CVE-2017-7471 in the hw/9pfs/9p-local.c. I might be wrong but I guess that should be changed as well.
if(dir_path){
v9fs_path_
}
else{
v9fs_path_
}
CVE References
To post a comment you must log in.
When using the proxy backend, all accesses to the host filesystem are handled by an external process running in a chroot() jail. No need to bother about paths in this case.
CVE-2017-7471 is only applicable to the local backend, because accesses are handled by QEMU directly in this case.