QEMU CVE-2016-9602 Privilege Escalation Vulnerability

QEMU is prone to a privilege-escalation vulnerability.

An attacker can exploit this issue to to gain elevated privileges.

Quick Emulator(Qemu) built with the VirtFS are vulnerable.

Information

Bugtraq ID: 95461
Class: Design Error
CVE: CVE-2016-9602

Remote: Yes
Local: No
Published: Jan 17 2017 12:00AM
Updated: Apr 15 2017 01:04AM
Credit: Jann Horn (Google Project Zero)
Vulnerable: QEMU QEMU 0
Gentoo Linux

Not Vulnerable:

References:

• QEMU Homepage (QEMU)
  
• 9pfs: only allow directories during walk (Redhat)
  
• Bug 1413929 - (CVE-2016-9602) CVE-2016-9602 Qemu: 9p: virtfs allows guest to acc (Redhat)
  

Source: www.securityfocus.com