PT-2021-4579 · Qemu+5

Ga_Ryo +1 · Published 2021-01-14 · Updated 2026-06-09 · CVE-2021-20181

CVSS v3.1: 7.5 High
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

QEMU versions up to and including 5.2.0

Description

A race condition flaw was found in the 9pfs server implementation, allowing a malicious 9p client to cause a use-after-free error. This could potentially escalate privileges on the system, with the highest threat being to confidentiality, integrity, and system availability.

Recommendations

For QEMU versions up to and including 5.2.0, update to a version later than 5.2.0 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Weakness Enumeration

Time Of Check To Time Of Use
Use After Free
Race Condition

Related Identifiers

ALT-PU-2021-1767
BDU:2021-05255
CVE-2021-20181
DLA-2560-1
DLA-3099-1
OESA-2021-1218
OPENSUSE-SU-2021:0363-1
OPENSUSE-SU-2021_0363-1
OPENSUSE-SU-2024:11287-1
SUSE-SU-2021:0521-1
SUSE-SU-2021:1240-1
SUSE-SU-2021:1241-1
SUSE-SU-2021:1242-1
SUSE-SU-2021:1244-1
SUSE-SU-2021:1245-1
SUSE-SU-2021:1305-1
SUSE-SU-2021:14704-1
SUSE-SU-2021:14706-1
SUSE-SU-2021_14704-1
USN-4725-1
USN-8412-1
ZDI-21-159

Affected Products

Alt Linux
Astra Linux
Linuxmint
Qemu
Suse
Ubuntu