PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-9602
PublicDate: 2018-04-26 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9602
 http://www.openwall.com/lists/oss-security/2017/01/17/12
 http://www.openwall.com/lists/oss-security/2017/01/17/14
 https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
 https://ubuntu.com/security/notices/USN-3261-1
 https://ubuntu.com/security/notices/USN-3268-1
Description:
 Qemu before version 2.9 is vulnerable to improper link following when
 built with VirtFS. A privileged user inside the guest could use this flaw
 to access the host file system beyond the shared folder and potentially
 escalate their privileges on the host.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1413929
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853006
Priority: medium
Discovered-by: Jann Horn
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_qemu-kvm:
upstream_qemu-kvm: needed
precise_qemu-kvm: ignored (reached end-of-life)
precise/esm_qemu-kvm: ignored (end of ESM support, was needed)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
vivid/ubuntu-core_qemu-kvm: DNE
vivid/stable-phone-overlay_qemu-kvm: DNE
xenial_qemu-kvm: DNE
yakkety_qemu-kvm: DNE
zesty_qemu-kvm: DNE
artful_qemu-kvm: DNE
bionic_qemu-kvm: DNE
cosmic_qemu-kvm: DNE
disco_qemu-kvm: DNE
eoan_qemu-kvm: DNE
focal_qemu-kvm: DNE
groovy_qemu-kvm: DNE
hirsute_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=56fc494bdcba35d74da27e1d34dbb6db6fa7bd67
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=00c90bd1c2ff6aabb9ca948a254ba044a403e399
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=21328e1e57f526e3f0c2fcd00f10c8aa6e7bc07f
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=6482a961636d66cc10928dde5d4d908206e5f65a
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=0e35a3782948c6154d7fafe9a02a86bc130199c7
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=996a0d76d7e756e4023ef79bc37bfe629b9eaca7
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=56ad3e54dad6cdcee8668d170df161d89581846f
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=5507904e362df252f6065cb27d1ff98372db6abc
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=3e36aba757f76673007a80b3cd56a4062c2e3462
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=72f0d0bf51362011c4d841a89fb8f5cfb16e0bf3
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=df4938a6651b1f980018f9eaf86af43e6b9d7fed
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a0e640a87210b1e986bcd4e7f7de03beb3db0a4a
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a33eda0dd99e00faa3bacae43d19490bb9500e07
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=31e51d1c15b35dc98b88a301812914b70a2b55dc
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=ac125d993b461d4dee4d6df4d93ac3f2eb959d1d
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=f9aef99b3e6df88036436b0d3dc3d504b9346c8c
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=99f2cf4b2dad7b37c69759deb0d0b19d3ec1a24a
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d2767edec582558f1e6c52e1dd9370d62e2b30fc
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=6dd4b1f1d026e478d9177b28169b377e212400f3
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=ad0b46e6ac769b187cb4dcf0065675ef8a198a5e
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=e3187a45dd02a7490f9191c16527dc28a4ba45b9
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d369f20763a857eac544a5289a046d0285a91df8
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=38771613ea6759f499645afd709aa422161eb27e
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d815e7219036d6911fce12efe3e59906264c8536
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=3f3a16990b09e62d787bd2eb2dd51aafbe90019a
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a565fea56546e254b7610305b07711f0a3bda0c7
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c23d5f1d5bc0e23aeb845b1af8f996f16783ce98
 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=b003fc0d8aa5e7060dbf7e5862b8013c73857c7f
upstream_qemu: needed
precise_qemu: DNE
precise/esm_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.33)
trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.33)
vivid/ubuntu-core_qemu: DNE
vivid/stable-phone-overlay_qemu: DNE
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.11)
esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.11)
yakkety_qemu: released (1:2.6.1+dfsg-0ubuntu5.4)
zesty_qemu: released (1:2.8+dfsg-3ubuntu2.1)
artful_qemu: released (1:2.8+dfsg-3ubuntu2.1)
bionic_qemu: released (1:2.8+dfsg-3ubuntu2.1)
cosmic_qemu: released (1:2.8+dfsg-3ubuntu2.1)
disco_qemu: released (1:2.8+dfsg-3ubuntu2.1)
eoan_qemu: released (1:2.8+dfsg-3ubuntu2.1)
focal_qemu: released (1:2.8+dfsg-3ubuntu2.1)
groovy_qemu: released (1:2.8+dfsg-3ubuntu2.1)
hirsute_qemu: released (1:2.8+dfsg-3ubuntu2.1)
devel_qemu: released (1:2.8+dfsg-3ubuntu2.1)