PT-2023-9188 · Qemu+7

Tej Rathi · Published 2023-06-30 · Updated 2026-06-09 · CVE-2023-2861

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

QEMU (affected versions not specified)

Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. This issue may allow an attacker to bypass existing access restriction policies.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2023-4715
ALT-PU-2023-5241
ALT-PU-2023-7183
ALT-PU-2024-13687
ALT-PU-2024-14149
AZL-32127
AZL-35167
BDU:2024-04483
CVE-2023-2861
DLA-3759-1
MGASA-2024-0047
OESA-2023-1472
OESA-2023-1473
OESA-2023-1474
OESA-2023-1475
OESA-2023-1476
OPENSUSE-SU-2023_3082-1
OPENSUSE-SU-2023_3234-1
OPENSUSE-SU-2023_3721-1
OPENSUSE-SU-2024:13058-1
OPENSUSE-SU-2024_2977-1
SUSE-SU-2023:3015-1
SUSE-SU-2023:3082-1
SUSE-SU-2023:3082-2
SUSE-SU-2023:3234-1
SUSE-SU-2023:3721-1
SUSE-SU-2023:3800-1
SUSE-SU-2023_3015-1
SUSE-SU-2023_3082-1
SUSE-SU-2023_3234-1
SUSE-SU-2024:2977-1
SUSE-SU-2024_2977-1
USN-6567-1
USN-6567-2
USN-8172-1
USN-8412-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Qemu
Red Os
Suse
Ubuntu