CVE-2023-2861

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-2861	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2219266	Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html
https://security.netapp.com/advisory/ntap-20240125-0005/
https://security.netapp.com/advisory/ntap-20240229-0002/

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

History

11 Mar 2024, 18:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html - () https://security.netapp.com/advisory/ntap-20240229-0002/ -

25 Jan 2024, 14:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240125-0005/ -

11 Dec 2023, 17:44

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2219266 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch
References	~~() https://access.redhat.com/security/cve/CVE-2023-2861 -~~	() https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
CPE		cpe:2.3:a:qemu:qemu::::::::

06 Dec 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-06 07:15

Updated : 2024-03-11 18:15

NVD link : CVE-2023-2861

Mitre link : CVE-2023-2861

CVE.ORG link : CVE-2023-2861

JSON object : View

Products Affected

qemu

qemu

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2023-2861", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2023-12-06T07:15:41.430", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-2861", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266", "tags": ["Issue Tracking", "Patch"], "source": "patrick@puiterwijk.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html", "source": "patrick@puiterwijk.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240125-0005/", "source": "patrick@puiterwijk.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240229-0002/", "source": "patrick@puiterwijk.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la implementaci\u00f3n del sistema de archivos de paso 9p (9pfs) en QEMU. El servidor 9pfs no prohib\u00eda la apertura de archivos especiales en el lado del host, lo que potencialmente permit\u00eda que un cliente malicioso escapara del \u00e1rbol 9p exportado creando y abriendo un archivo de dispositivo en la carpeta compartida."}], "lastModified": "2024-03-11T18:15:15.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A178AFEF-359C-427C-99C6-EC003039FF3B", "versionEndExcluding": "8.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}