CVE-2021-20263

CVE-2021-20263 PUBLISHED

Reported by redhat · Published March 9, 2021

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Affected Products

Vendor | Product | Versions
n/a | QEMU | qemu 5.2.50

Timeline

  • Mar 9, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_CONFIRM
  • GLSA-202208-27 (vendor-advisory, x_refsource_GENTOO)