CVE-2016-9602

Published: 31 December 2016

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Priority

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	artful	Released (1:2.8+dfsg-3ubuntu2.1)
	bionic	Released (1:2.8+dfsg-3ubuntu2.1)
	cosmic	Released (1:2.8+dfsg-3ubuntu2.1)
	disco	Released (1:2.8+dfsg-3ubuntu2.1)
	eoan	Released (1:2.8+dfsg-3ubuntu2.1)
	focal	Released (1:2.8+dfsg-3ubuntu2.1)
	groovy	Released (1:2.8+dfsg-3ubuntu2.1)
	hirsute	Released (1:2.8+dfsg-3ubuntu2.1)
	precise	Does not exist
	trusty	Released (2.0.0+dfsg-2ubuntu1.33)
	upstream	Needed
	xenial	Released (1:2.5+dfsg-5ubuntu10.11)
	yakkety	Released (1:2.6.1+dfsg-0ubuntu5.4)
	zesty	Released (1:2.8+dfsg-3ubuntu2.1)
	Patches: upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=56fc494bdcba35d74da27e1d34dbb6db6fa7bd67 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=00c90bd1c2ff6aabb9ca948a254ba044a403e399 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=21328e1e57f526e3f0c2fcd00f10c8aa6e7bc07f upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=6482a961636d66cc10928dde5d4d908206e5f65a upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=0e35a3782948c6154d7fafe9a02a86bc130199c7 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=996a0d76d7e756e4023ef79bc37bfe629b9eaca7 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=56ad3e54dad6cdcee8668d170df161d89581846f upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=5507904e362df252f6065cb27d1ff98372db6abc upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=3e36aba757f76673007a80b3cd56a4062c2e3462 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=72f0d0bf51362011c4d841a89fb8f5cfb16e0bf3 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=df4938a6651b1f980018f9eaf86af43e6b9d7fed upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a0e640a87210b1e986bcd4e7f7de03beb3db0a4a upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a33eda0dd99e00faa3bacae43d19490bb9500e07 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=31e51d1c15b35dc98b88a301812914b70a2b55dc upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=ac125d993b461d4dee4d6df4d93ac3f2eb959d1d upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=bec1e9546e03b9e7f5152cf3e8c95cf8acff5e12 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=f9aef99b3e6df88036436b0d3dc3d504b9346c8c upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=99f2cf4b2dad7b37c69759deb0d0b19d3ec1a24a upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d2767edec582558f1e6c52e1dd9370d62e2b30fc upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=6dd4b1f1d026e478d9177b28169b377e212400f3 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=ad0b46e6ac769b187cb4dcf0065675ef8a198a5e upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=e3187a45dd02a7490f9191c16527dc28a4ba45b9 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d369f20763a857eac544a5289a046d0285a91df8 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=38771613ea6759f499645afd709aa422161eb27e upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d815e7219036d6911fce12efe3e59906264c8536 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=3f3a16990b09e62d787bd2eb2dd51aafbe90019a upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=a565fea56546e254b7610305b07711f0a3bda0c7 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c23d5f1d5bc0e23aeb845b1af8f996f16783ce98 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=b003fc0d8aa5e7060dbf7e5862b8013c73857c7f
qemu-kvm Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Needed
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

Severity score breakdown

Parameter	Value
Base score	8.8
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›