CVE-2021-20181

Description

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

• CWE-367•Time-of-check Time-of-use (TOCTOU) Race Condition

  The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Affected Systems

• debian•debian_linux

  9.0 | 10.0

• qemu•qemu

  ≤ 5.2.0

References (5)

• https://www.zerodayinitiative.com/advisories/ZDI-21-159/
• https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1927007
• https://security.netapp.com/advisory/ntap-20210720-0009/
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html