PT-2021-7336 · Qemu+3 · Qemu+3

Dr. David Alan Gilbert

Published

2021-02-09

Updated

2024-06-15

CVE-2021-20263

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

ALT-PU-2021-1767

BDU:2022-05711

CVE-2021-20263

OPENSUSE-SU-2021:1942-1

OPENSUSE-SU-2021_1942-1

OPENSUSE-SU-2024:11287-1

SUSE-SU-2021:1942-1

Affected Products

Alt Linux

Astra Linux

Qemu

Suse

PT-2021-7336 · Qemu+3 · Qemu+3

CVE-2021-20263

Weakness Enumeration

Related Identifiers

Affected Products

References · 179