Podatność CVE-2023-2861


Publikacja: 2023-12-06   Modyfikacja: 2023-12-14

Opis:
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Typ:

CWE-Other

Affected software
QEMU -> QEMU 

 Referencje:
https://access.redhat.com/security/cve/CVE-2023-2861
https://bugzilla.redhat.com/show_bug.cgi?id=2219266

Copyright 2024, cxsecurity.com

 

Back to Top