Vulnerability Database

296,202

Total vulnerabilities in the database

CVE-2017-7471

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

  • Published: Jul 9, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-7471
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9
  • AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.7
  • AV:A/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
qemu / qemu - 2.8.1.1.x
qemu / qemu 2.9.0-rc1 2.9.0-rc1.x
qemu / qemu 2.9.0-rc2 2.9.0-rc2.x
qemu / qemu 2.9.0-rc3 2.9.0-rc3.x
qemu / qemu 2.9.0-rc0 2.9.0-rc0.x
qemu / qemu 2.9.0-rc4 2.9.0-rc4.x