Showing 1 - 3 of 3

CVE-2017-7493

Status Candidate

Overview

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.

Related Files

Ubuntu Security Notice USN-3414-2: Posted Sep 20, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3414-2 - USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524; MD5 | 92172bfdd6366a35c975fa4e430d2218; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-3414-1: Posted Sep 14, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524; MD5 | 0392d6964c9f9ee67e40b47efe84d6b0; Download | Favorite | Comments (0)

Gentoo Linux Security Advisory 201706-03: Posted Jun 6, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201706-3 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.9.0-r2 are affected.; tags | advisory, remote, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2016-9603, CVE-2017-7377, CVE-2017-7471, CVE-2017-7493, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8112, CVE-2017-8309, CVE-2017-8379, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330; MD5 | 8fed197672d9b924dba0615240e3f96b; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 95 files
Ubuntu 53 files
Ozkan Mustafa Akkus 31 files
Debian 24 files
Google Security Research 20 files
Borna Nematzadeh 18 files
Gentoo 16 files
LiquidWorm 12 files
t4rkd3vilz 8 files
Apple 8 files

File Archives

Systems

AIX (409)
Apple (1,554)
BSD (335)
Cisco (1,812)
Debian (5,536)
Fedora (1,682)
FreeBSD (1,195)
Gentoo (3,583)
HPUX (865)
iOS (174)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,597)
Mac OS X (653)
Mandriva (3,105)
NetBSD (255)
OpenBSD (456)
RedHat (6,582)
Slackware (830)
Solaris (1,569)
SUSE (1,444)
Ubuntu (5,674)
UNIX (8,286)
UnixWare (172)
Windows (5,345)
Other