A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1927007 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210720-0009/ | Third Party Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-159/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2021-05-13T15:24:15
Updated: 2022-09-05T05:06:09
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20181
JSON object: View
NVD Information
Status : Modified
Published: 2021-05-13T16:15:07.653
Modified: 2023-11-07T03:28:58.977
Link: CVE-2021-20181
JSON object: View
Redhat Information
No data.