Improper access control in QEMU - CVE-2017-7493
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6937
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-7493
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via
Plan 9 File System(9pfs) support, is vulnerable to an improper access
control issue. It could occur while accessing virtfs metadata files in
mapped-file security mode. A guest user could use this flaw to escalate
their privileges inside guest.
How to mitigate CVE-2017-7493
Update to version 2.9.0-r2.