PT-2021-7324 · Qemu+8 · Qemu+8

Alex Xu

Published

2021-01-13

Updated

2023-02-12

CVE-2020-35517

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions qemu (affected versions not specified)

Description A flaw was found in the virtio-fs shared file system daemon of qemu, which is related to insecure privilege management. This issue allows a privileged guest user to create a device special file in the shared directory, enabling read and write access to host devices. The exploitation of this flaw may allow an attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALSA-2021:0711

ALT-PU-2021-1767

BDU:2022-05685

CESA-2021_0711

CVE-2020-35517

RHSA-2021:0711

RHSA-2021:0743

RHSA-2021_0711

RLSA-2021:0711

USN-5010-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Ubuntu

Qemu

PT-2021-7324 · Qemu+8 · Qemu+8

CVE-2020-35517

Weakness Enumeration

Related Identifiers

Affected Products

References · 46