CVE-2018-16872 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-16872 PUBLISHED

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.

EPSS 0.27% · 50.7th percentile

Risk Scores

EPSS Score

0.27%

50.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	qemu	0, 1:2.10+dfsg-0ubuntu3, 1:2.10+dfsg-0ubuntu4

Timeline

Dec 13, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2018-16872 third-party-advisory
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html third-party-advisory
https://www.openwall.com/lists/oss-security/2018/12/13/11 third-party-advisory
https://ubuntu.com/security/notices/USN-3923-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-16872 third-party-advisory

Open in Interactive Console →