CVE-2021-20263
https://notcve.org/view.php?id=CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. Se encontró un fallo en el demonio del sistema de archivos compartidos virtio-fs (virtiofsd) de QEMU. La nueva opción "xattrmap" puede causar que el xattr "security.capability" en el invitado no caiga en la escritura del archivo, potencialmente conllevando a un ejecutable privilegiado modificado en el invitado. • https://bugzilla.redhat.com/show_bug.cgi?id=1933668 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0002 https://www.openwall.com/lists/oss-security/2021/03/08/1 • CWE-281: Improper Preservation of Permissions •
CVE-2021-20203
https://notcve.org/view.php?id=CVE-2021-20203
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el tamaño de la cola rx/tx u otros parámetros de NIC. • https://bugs.launchpad.net/qemu/+bug/1913873 https://bugzilla.redhat.com/show_bug.cgi?id=1922441 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicioso causar un error de uso de la memoria previamente liberada, escalando potencialmente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210720-0009 https://www.zerodayinitiative.com/advisories/ZDI-21-159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-35517 – QEMU: virtiofsd: potential privileged host device access from guest
https://notcve.org/view.php?id=CVE-2020-35517
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Se encontró un fallo en qemu. Se encontró un problema de escalada de privilegios del host en el demonio del sistema de archivos compartidos virtio-fs, donde un usuario invitado privilegiado puede crear un archivo especial de dispositivo en el directorio compartido y usarlo para dispositivos host de acceso de r/w A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. • https://bugzilla.redhat.com/show_bug.cgi?id=1915823 https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210312-0002 https://www.openwall.com/lists/oss-security/2021/01/22/1 https://access.redhat.com/security/cve/CVE-2020-35517 • CWE-269: Improper Privilege Management •
CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 https://bugzilla.redhat.com/show_bug.cgi?id=1902651 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210115-0006 https://access.redhat.com/security/cve/CVE-2020-27821 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •