CVE-2021-20181
Description
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.055
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in QEMU 5.2.0 | Windows |
| Machine emulator and virtualizer (USN-4725-1) qemu_5.0-5ubuntu9.4_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu_4.2-3ubuntu6.12_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu_2.11+dfsg-1ubuntu7.35_i386.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu_2.11+dfsg-1ubuntu7.35_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu_2.5+dfsg-5ubuntu10.49_i386.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu_2.5+dfsg-5ubuntu10.49_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_5.0-5ubuntu9.4_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_4.2-3ubuntu6.12_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_2.11+dfsg-1ubuntu7.35_i386.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_2.11+dfsg-1ubuntu7.35_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_2.5+dfsg-5ubuntu10.49_i386.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system_2.5+dfsg-5ubuntu10.49_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system-x86_5.0-5ubuntu9.4_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-4725-1) qemu-system-x86_4.2-3ubuntu6.12_amd64.deb | Linux |
| Qemu update (ELSA-2021-9104) qemu-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-block-gluster update (ELSA-2021-9104) qemu-block-gluster-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-block-iscsi update (ELSA-2021-9104) qemu-block-iscsi-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-block-rbd update (ELSA-2021-9104) qemu-block-rbd-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-common update (ELSA-2021-9104) qemu-common-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-img update (ELSA-2021-9104) qemu-img-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-kvm update (ELSA-2021-9104) qemu-kvm-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-kvm-core update (ELSA-2021-9104) qemu-kvm-core-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-system-x86 update (ELSA-2021-9104) qemu-system-x86-4.2.1-5.el7.x86_64.rpm | Linux |
| Qemu-system-x86-core update (ELSA-2021-9104) qemu-system-x86-core-4.2.1-5.el7.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-alsa-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-alsa-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-oss-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-oss-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-pa-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-pa-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-sdl-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-audio-sdl-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-curl-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-curl-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-iscsi-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-iscsi-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-rbd-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-rbd-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-ssh-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-block-ssh-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-debugsource-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-guest-agent-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-guest-agent-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ipxe-1.0.0+-48.2.noarch.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-kvm-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-lang-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-seabios-1.12.0_0_ga698c89-48.2.noarch.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-sgabios-8-48.2.noarch.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-tools-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-tools-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-curses-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-curses-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-gtk-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-gtk-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-sdl-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-ui-sdl-debuginfo-3.1.1.1-48.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-vgabios-1.12.0_0_ga698c89-48.2.noarch.rpm | Linux |
| SUSE-SU-2021:1242-1(SUSE Linux Enterprise Server 12-SP5 ) qemu-x86-3.1.1.1-48.2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234