Vulnerability identifier: #VU16522
Vulnerability risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
QEMU
Client/Desktop applications /
Virtualization software
Vendor: QEMU
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists in qemu Media Transfer Protocol (MTP) due to an improper filename sanitization. When the guest device is mounted in read-write mode, an adjacent attacker can conduct directory traversal attack in the in usb_mtp_write_data function in hw/usb/dev-mtp.c to read/write arbitrary files which may lead do DoS scenario or arbitrary code execution on the host.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Update to version 3.1.0.
Vulnerable software versions
QEMU: 2.0 - 3.0.0
External links
http://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.