CVE-2016-9602
Published: 31 December 2016
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
Priority
CVSS 3 base score: 8.8
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9602
- http://www.openwall.com/lists/oss-security/2017/01/17/12
- http://www.openwall.com/lists/oss-security/2017/01/17/14
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
- https://ubuntu.com/security/notices/USN-3261-1
- https://ubuntu.com/security/notices/USN-3268-1
- NVD
- Launchpad
- Debian