CVE-2017-7471

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2017-7471 DLA-1035-1 OPENSUSE-SU-2024:11287-1 SUSE-SU-2017:1774-1 SUSE-SU-2017:2946-1 SUSE-SU-2017:2963-1

Modified

Published: 09 Jul 2018, 14:00

Last modified:05 Aug 2024, 16:04

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9 CRITICAL

v3.1 (nvd)

EPSS Score

0.57% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Jul 2018, 14:00

Published

Vulnerability first disclosed

05 Aug 2024, 16:04

Last Modified

Vulnerability information updated

Description

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

CVSS Metrics

v3.1•CRITICAL•Score: 9CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
v2.0•HIGH•Score: 7.7AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.57%• Percentile: 69%

Techniques & Countermeasures

CWE-732•Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Affected Systems

qemu•qemu
≤ 2.8.1.1 | 2.9.0:rc0 | 2.9.0:rc1 | 2.9.0:rc2 | 2.9.0:rc3 | 2.9.0:rc4