2018-04-26 21:29:00 2019-10-10 01:20:39

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
QEMU QEMU 2.0.2 Qemu Qemu 2.0.1 (not an official CPE) QEMU 2.0.0 release candidate 3 QEMU 2.0.0 release candidate 2 QEMU 2.0.0 release candidate 1 QEMU 2.0.0 release candidate 0 QEMU 2.0.0 Qemu Qemu 2.0.0 (not an official CPE) Qemu Qemu 1.7.2 (not an official CPE) QEMU 1.7.1 Qemu Qemu 1.7.0 (not an official CPE) QEMU 1.6.2 QEMU 1.6.1 QEMU 1.6.0 release candidate 3 QEMU 1.6.0 release candidate 2 QEMU 1.6.0 release candidate 1 QEMU 1.6.0 QEMU 1.5.3 QEMU 1.5.2 QEMU 1.5.1 QEMU 1.5.0 release candidate 3 QEMU 1.5.0 release candidate 2 QEMU 1.5.0 release candidate 1 QEMU 1.5.0 QEMU 1.4.2 QEMU 1.4.1 Qemu Qemu 1.4.0 (not an official CPE) Qemu Qemu 1.3.1 (not an official CPE) Qemu Qemu 1.3.0 (not an official CPE) Qemu Qemu 1.2.2 (not an official CPE) Qemu Qemu 1.2.1 (not an official CPE) Qemu Qemu 1.2.0 (not an official CPE) Qemu Qemu 1.1.2 (not an official CPE) Qemu Qemu 1.1.1 (not an official CPE) Qemu Qemu 1.1.0 (not an official CPE) QEMU 1.1 release candidate 4 QEMU 1.1 release candidate 3 QEMU 1.1 release candidate 2 QEMU 1.1 release candidate 1 QEMU 1.1 QEMU 1.0.1 QEMU 1.0 release candidate 4 QEMU 1.0 release candidate 3 QEMU 1.0 release candidate 2 QEMU 1.0 release candidate 1 QEMU 1.0 QEMU 0.15.2 QEMU 0.15.1 QEMU 0.15.0 release candidate 2 QEMU 0.15.0 release candidate 1 Qemu Qemu 0.15.0 (not an official CPE) QEMU 0.14.1 QEMU 0.14.0 release candidate 2 QEMU 0.14.0 release candidate 1 QEMU 0.14.0 release candidate 0 QEMU 0.14.0 QEMU 0.13.0 release candidate 1 QEMU 0.13.0 release candidate 0 QEMU 0.13.0 QEMU 0.12.5 QEMU 0.12.4 QEMU 0.12.3 QEMU 0.12.2 QEMU 0.12.1 QEMU 0.12.0 release candidate 2 QEMU 0.12.0 release candidate 1 QEMU 0.12.0 QEMU 0.11.1 QEMU 0.11.0-rc2 QEMU 0.11.0-rc1 QEMU 0.11.0-rc0 QEMU 0.11.0 release candidate 2 QEMU 0.11.0 release candidate 1 QEMU 0.11.0-rc0 QEMU 0.11.0 QEMU 0.10.6 QEMU 0.10.5 QEMU 0.10.4 QEMU 0.10.3 QEMU 0.10.2 QEMU 0.10.1 QEMU 0.10.0 QEMU 0.9.1-5 QEMU 0.9.1 QEMU 0.9.0 QEMU 0.8.2 QEMU 0.8.1 QEMU 0.8.0 QEMU 0.7.2 QEMU 0.7.1 QEMU 0.7.0 QEMU 0.6.1 QEMU 0.6.0 QEMU 0.5.5 QEMU 0.5.4 QEMU 0.5.3 QEMU 0.5.2 QEMU 0.5.1 QEMU 0.5.0 Qemu Qemu 0.4.4 (not an official CPE) QEMU 0.4.3 QEMU 0.4.2 QEMU 0.4.1 Qemu Qemu 0.4.0 (not an official CPE) QEMU 0.4 Qemu Qemu 0.3.0 (not an official CPE) QEMU 0.3 Qemu Qemu 0.2.0 (not an official CPE) QEMU 0.2 QEMU 0.1.6 QEMU 0.1.5 QEMU 0.1.4 QEMU 0.1.3 QEMU 0.1.2 QEMU 0.1.1 Qemu Qemu 0.1.0 (not an official CPE) QEMU 0.1 QEMU QEMU QEMU 2.1.0 QEMU QEMU 2.1.0 release candidate 0 QEMU QEMU 2.1.0 release candidate 1 QEMU QEMU 2.1.0 release candidate 2 QEMU QEMU 2.1.0 release candidate 3 QEMU QEMU 2.1.0 release candidate 5 QEMU QEMU 2.1.1 QEMU QEMU 2.1.2 QEMU 2.1.3 Qemu Qemu 2.2.0 (not an official CPE) Qemu Qemu 2.2.1 (not an official CPE) QEMU 2.3.0 Qemu Qemu 2.3.1 (not an official CPE) Qemu Qemu 2.4.0 (not an official CPE) Qemu Qemu 2.4.0.1 (not an official CPE) Qemu Qemu 2.4.1 (not an official CPE) Qemu Qemu 2.5.0 (not an official CPE) Qemu Qemu 2.5.1 (not an official CPE) Qemu Qemu 2.5.1.1 (not an official CPE) Qemu Qemu 2.6.0 (not an official CPE) Qemu Qemu 2.6.1 (not an official CPE) Qemu Qemu 2.6.2 (not an official CPE) Qemu Qemu 2.7.0 (not an official CPE) Qemu Qemu 2.7.1 (not an official CPE) Qemu Qemu 2.8.0 (not an official CPE) Qemu Qemu 2.8.1 (not an official CPE) Qemu Qemu 2.8.1.1 (not an official CPE)