A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2023-12-06T06:19:40.625Z

Updated: 2024-08-02T06:33:05.791Z

Reserved: 2023-05-24T07:54:12.009Z

Link: CVE-2023-2861

cve-icon Vulnrichment

Updated: 2024-08-02T06:33:05.791Z

cve-icon NVD

Status : Modified

Published: 2023-12-06T07:15:41.430

Modified: 2024-11-21T07:59:26.520

Link: CVE-2023-2861

cve-icon Redhat

Severity : Low

Publid Date: 2023-06-07T00:00:00Z

Links: CVE-2023-2861 - Bugzilla