Improper access control in QEMU - CVE-2017-7471
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6936
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-7471
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9
File System(9pfs) support, is vulnerable to an improper access control issue.
It could occur while accessing files on a shared host directory.
A privileged user inside guest could use this flaw to access host file system
beyond the shared folder and potentially escalating their privileges on a host.
How to mitigate CVE-2017-7471
Update to version 2.9.0-r2.