CVE-2021-20263

Опубликовано: 09 мар. 2021

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1933668
Issue Tracking
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202208-27
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0002/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/08/1
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1933668
Issue Tracking
Patch
Third Party Advisory
https://security.gentoo.org/glsa/202208-27
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0002/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/03/08/1
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.2.50 (исключая)

EPSS

Процентиль: 33%

0.00133

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-281

Связанные уязвимости

CVE-2021-20263

CVSS3: 3.3

ubuntu

почти 5 лет назад

CVE-2021-20263

CVSS3: 3.3

redhat

почти 5 лет назад

CVE-2021-20263

CVSS3: 3.3

debian

почти 5 лет назад

A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...

GHSA-349h-phx6-ghfj

CVSS3: 3.3

github

больше 3 лет назад

BDU:2022-05711

CVSS3: 3.3

fstec

почти 5 лет назад

Уязвимость компонента security.capability эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 33%

0.00133

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-281