Vulnerabilities > CVE-2020-35517 - Unspecified vulnerability in Qemu

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qemu

NVD

Published: 2021-01-28

Updated: 2024-11-21

Summary

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 5.0.0 Qemu Qemu 5.0.1 Qemu Qemu 5.1.0 Qemu Qemu 5.1.1 Qemu Qemu 5.2.0 Qemu Qemu 5.2.50	20

References

https://bugzilla.redhat.com/show_bug.cgi?id=1915823
https://bugzilla.redhat.com/show_bug.cgi?id=1915823
https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c
https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html
https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html
https://security.gentoo.org/glsa/202208-27
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20210312-0002/
https://security.netapp.com/advisory/ntap-20210312-0002/
https://www.openwall.com/lists/oss-security/2021/01/22/1
https://www.openwall.com/lists/oss-security/2021/01/22/1